Unrated severityNVD Advisory· Published Apr 9, 2025· Updated Nov 11, 2025

Spotfire Data Function Vulnerability

CVE-2025-3115

Description

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution

Affected products

Spotfire/Spotfire For Aws Marketplacev5
Range: 14.4
Spotfire/Spotfire Analystv5
Range: 14.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3115-r3485/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000