Code Injection Vulnerability in Spotfire Products by TIBCO Software
CVE-2025-3115
9.4CRITICAL
What is CVE-2025-3115?
This vulnerability allows attackers to inject malicious code into TIBCO Spotfire products. By exploiting insufficient validation of filenames during file uploads, an attacker can upload and execute harmful files, potentially leading to unauthorized control over the affected system and compromising its security.
Affected Version(s)
Deployment Kit used in Spotfire Server 14.0 < 14.0.7
Deployment Kit used in Spotfire Server 14.1.0
Deployment Kit used in Spotfire Server 14.2.0
