CVE-2025-3115

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution.

Configurations

Configuration 1

cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:*:*:*:*:-:*:*:*

Configuration 2

OR cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_statistics_services:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_statistics_services:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_statistics_services:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_statistics_services:14.4.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_statistics_services:14.4.1:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:*:*:*:*:server:*:*:*
cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.18.0:*:*:*:server:*:*:*
cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.19.0:*:*:*:server:*:*:*
cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.20.0:*:*:*:server:*:*:*
cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.21.0:*:*:*:server:*:*:*
cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.21.1:*:*:*:server:*:*:*

Configuration 4

OR cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:14.4.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:14.4.1:*:*:*:*:*:*:*

Configuration 5

OR cpe:2.3:a:tibco:spotfire_deployment_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_deployment_kit:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_deployment_kit:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_deployment_kit:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_deployment_kit:14.4.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_deployment_kit:14.4.1:*:*:*:*:*:*:*

Configuration 6

cpe:2.3:a:tibco:spotfire_desktop:*:*:*:*:*:*:*:*

Configuration 7

cpe:2.3:a:tibco:spotfire_analytics_platform:*:*:*:*:*:aws_marketplace:*:*

History

11 Nov 2025, 12:15

Type Values Removed Values Added
References
  • {'url': 'https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484/', 'tags': ['Vendor Advisory'], 'source': '[email protected]'}
  • () https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3115-r3485/ -

22 Apr 2025, 16:46

Type Values Removed Values Added
CPE cpe:2.3:a:tibco:spotfire_statistics_services:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.19.0:*:*:*:server:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:*:*:*:*:server:*:*:*
cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:*:*:*:*:-:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:14.4.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_deployment_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_deployment_kit:14.4.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analytics_platform:*:*:*:*:*:aws_marketplace:*:*
cpe:2.3:a:tibco:spotfire_deployment_kit:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.21.1:*:*:*:server:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_statistics_services:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_statistics_services:14.4.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_deployment_kit:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:14.4.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_statistics_services:14.4.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.21.0:*:*:*:server:*:*:*
cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_statistics_services:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.18.0:*:*:*:server:*:*:*
cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.20.0:*:*:*:server:*:*:*
cpe:2.3:a:tibco:spotfire_desktop:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_deployment_kit:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_deployment_kit:14.4.0:*:*:*:*:*:*:*
Summary
  • (es) Injection vulnerabilities: Attackers can inject malicious code, which could allow them to control the system running these functions. In addition, insufficient validation of file names during upload can allow attackers to upload and execute malicious files, resulting in arbitrary code execution.
CVSS
  Removed: v2 : unknown, v3 : unknown
  Added: v2 : unknown, v3 : 9.8
References
  Removed: () https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484/ -
  Added: () https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484/ - Vendor Advisory
First Time Tibco spotfire Desktop
Tibco spotfire Deployment Kit
Tibco spotfire Analyst
Tibco spotfire Enterprise Runtime For R
Tibco spotfire Statistics Services
Tibco
Tibco spotfire Analytics Platform

09 Apr 2025, 19:15

Type Values Removed Values Added
CWE CWE-94

09 Apr 2025, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-09 18:15

Updated : 2025-11-11 12:15


NVD link : CVE-2025-3115

Mitre link : CVE-2025-3115

CVE.ORG link : CVE-2025-3115



CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')