ГлавнаяУязвимости → CVE-2025-3115
9.8критическая

CVE-2025-3115

Описание

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution

Затрагиваемое ПО
Tibco Spotfire enterprise runtime for rTibco Spotfire statistics servicesTibco Spotfire analystTibco Spotfire deployment kitTibco Spotfire desktopTibco Spotfire analytics platform
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3115-r3485/