CVE-2025-3115
high-risk
Published 2025-04-09
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution
Do I need to act?
-
0.86% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Spotfire Enterprise Runtime For R
Spotfire Statistics Services
Spotfire Statistics Services
Spotfire Statistics Services
Spotfire Statistics Services
Spotfire Statistics Services
Spotfire Statistics Services
Spotfire Enterprise Runtime For R
Spotfire Enterprise Runtime For R
Spotfire Enterprise Runtime For R
Spotfire Enterprise Runtime For R
Spotfire Enterprise Runtime For R
Spotfire Enterprise Runtime For R
Spotfire Analyst
Spotfire Analyst
Spotfire Analyst
Spotfire Analyst
Spotfire Analyst
Spotfire Analyst
Spotfire Deployment Kit
Affected Vendors
57
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
3/34 · Minimal
Exposure
22/34 · High