Vulnerability Description
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Spotfire Enterprise Runtime For R | < 6.1.5 |
| Tibco | Spotfire Statistics Services | < 14.0.7 |
| Tibco | Spotfire Analyst | < 14.0.6 |
| Tibco | Spotfire Deployment Kit | < 14.0.7 |
| Tibco | Spotfire Desktop | < 14.4.2 |
| Tibco | Spotfire Analytics Platform | < 14.4.2 |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-3115?
CVE-2025-3115 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file up...
How severe is CVE-2025-3115?
CVE-2025-3115 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-3115?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Spotfire Enterprise Runtime For R, Tibco Spotfire Statistics Services, Tibco Spotfire Analyst, Tibco Spotfire Deployment Kit, Tibco Spotfire Desktop.