Unrated severityNVD Advisory· Published Apr 9, 2025· Updated Nov 11, 2025
Spotfire Data Function Vulnerability
CVE-2025-3115
Description
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution
Affected products
2- Range: 14.4
- Spotfire/Spotfire Analystv5Range: 14.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.