- Description
- Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution
- Source
- security@tibco.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 9.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-94
- Hype score
- Not currently trending
⚡️The vulnerability details are now available: https://t.co/Yzdm11XElK 🚨🚨TIBCO Spotfire Under Fire CVE-2025-3114: Spotfire Code Execution Vulnerability Attackers can craft files with embedded malicious code that Spotfire might run without proper checks. CVE-2025-3115: https:/
@zoomeye_team
12 Apr 2025
560 Impressions
2 Retweets
12 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3115 ⚠️🔴 CRITICAL (9.4) 🏢 Spotfire - Spotfire Statistics Services 🏗️ 14 🔗 https://t.co/7boy9fMq8w #CyberCron #VulnAlert #InfoSec https://t.co/x17nfecX2G
@cybercronai
11 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: #Spotfire fixed two critical vulnerabilities that could lead to arbitrary code execution. CVE-2025-3114 and CVE-2025-3115 both have a CVSS 4.0 score of 9.4! https://t.co/PNzDCqAxPy #Patch #Patch #Patch
@CCBalert
10 Apr 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-3115: CRITICAL] Be cautious of injection vulnerabilities as attackers can implant malicious code to seize control of the system. Check file uploads to prevent arbitrary code execution.#cybersecurity,#vulnerability https://t.co/ACOUoNT3e3 https://t.co/VBac7eRgMJ
@CveFindCom
9 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4B95026-0F1F-498E-A9F6-E6C8128C96D7",
"versionEndExcluding": "6.1.5"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D32EAFEE-068C-411B-835A-3EB904EF1D72",
"versionEndExcluding": "14.0.7"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:14.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7C020EF-6D20-4898-B87C-947856FFA863"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:14.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1658C79B-930F-4810-AEA0-CA028AAF0C40"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:14.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9366B298-53DA-480A-8511-F26A5993BBB1"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:14.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24E86CD4-74B8-452C-AB07-1056D88EBA69"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:14.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1FE621F-3100-40F2-B5CA-586CC399BF0D"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:*:*:*:*:server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFDC8DE8-CA02-403D-ACC9-AAFD83931EF4",
"versionEndExcluding": "1.17.7"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.18.0:*:*:*:server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C8006F5-94D2-41AD-971E-3E4949AB3E85"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.19.0:*:*:*:server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4F950F4-8EBB-49BF-A04F-1FC53ADF5B37"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.20.0:*:*:*:server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DDF81DF-0B5D-47B0-95CA-99FE80193632"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.21.0:*:*:*:server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "470B940C-EC98-48AC-A723-6E7358355A4C"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.21.1:*:*:*:server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE050D37-B646-4A65-A580-D2AEFB024216"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1159D5C-5687-4634-8372-2D78E3AC4EED",
"versionEndExcluding": "14.0.6"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:14.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB4B3273-A4D0-4455-9957-3FB21273E509"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:14.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "482923B8-BF2E-4EB1-A04A-BF139703DA49"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:14.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCF8F9F1-2DE8-4ABB-BC5E-C75D81ACA0B0"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:14.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "362FBA49-9BEA-4946-9F64-0E5FB57B8AC3"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:14.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3EC54B56-2861-404F-91F5-2FC9C2B6F794"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E9B3AD9-1370-43F5-82FF-D62FE7EB14BB",
"versionEndExcluding": "14.0.7"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:14.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB5F5802-BBC6-41E6-BB6A-FB58C0806C18"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:14.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0760EB3A-55CD-4F7C-A60B-9A2B01A7D7AF"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:14.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CAFACCD8-2FD1-4759-93A4-91798A1D5E4B"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:14.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F60D8880-17CA-425D-B4A4-42F67DF59E67"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:14.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0429550-AC79-489D-9D21-C2E0CF5F68DD"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20E73759-DAA6-4426-BCCC-3C430F24B58B",
"versionEndExcluding": "14.4.2"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform:*:*:*:*:*:aws_marketplace:*:*",
"vulnerable": true,
"matchCriteriaId": "3D1EB109-FC21-404F-8129-73A5363B5A94",
"versionEndExcluding": "14.4.2"
}
],
"operator": "OR"
}
]
}
]