cvedb.io
CVE-2025-3115
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-04-09T18:15:50.813 · Last modified 2026-06-17T09:19:12.623

Summary

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution

Affected products

tibco — spotfire_enterprise_runtime_for_r

Does this affect you?

Add your gear to cvedb and we'll alert you only when tibco ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.