CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-3115

CVSS 9.4v4.0pub. 2025-04-09upd. 2025-11-11

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Tibco Spotfire Analyst

    APP
    Tibco
    14.1.014.2.014.3.014.4.014.4.1< 14.0.6
  • Tibco Spotfire Analytics Platform

    APP
    Tibco
    < 14.4.2
  • Tibco Spotfire Deployment Kit

    APP
    Tibco
    14.1.014.2.014.3.014.4.014.4.1< 14.0.7
  • Tibco Spotfire Desktop

    APP
    Tibco
    < 14.4.2
  • Tibco Spotfire Enterprise Runtime For R

    APP
    Tibco
    1.18.01.19.01.20.01.21.01.21.1< 1.17.7< 6.1.5
  • Tibco Spotfire Statistics Services

    APP
    Tibco
    14.1.014.2.014.3.014.4.014.4.1< 14.0.7
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-29268CRITICAL9.8ten sam produkt

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerabilit...

CVE-2022-41558CRITICAL9.0ten sam produkt

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Sp...

CVE-2018-12410CRITICAL9.8ten sam produkt

The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilitie...

CVE-2017-3181CRITICAL9.8ten sam produkt

Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to pr...

CVE-2018-5435CRITICAL9.6ten sam produkt

The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotf...