Code Injection Vulnerability in Spotfire Products by TIBCO Software
CVE-2025-3115

9.4CRITICAL

What is CVE-2025-3115?

This vulnerability allows attackers to inject malicious code into TIBCO Spotfire products. By exploiting insufficient validation of filenames during file uploads, an attacker can upload and execute harmful files, potentially leading to unauthorized control over the affected system and compromising its security.

Affected Version(s)

Deployment Kit used in Spotfire Server 14.0 < 14.0.7

Deployment Kit used in Spotfire Server 14.1.0

Deployment Kit used in Spotfire Server 14.2.0

References

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.