Home
CRITICAL: 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:HDefault status
unaffected
14 (Patch) before 14.0.7
affected
14.1.0 (Patch)
affected
14.2.0 (Patch)
affected
14.3.0 (Patch)
affected
14.4.0 (Patch)
affected
14.4.1 (Patch)
affected
Default status
unknown
14.0 (Patch) before 14.0.6
affected
14.1.0 (Patch)
affected
14.2.0 (Patch)
affected
14.3.0 (Patch)
affected
14.4.0 (Patch)
affected
14.4.1 (Patch)
affected
Default status
unknown
14.0 (Patch) before 14.0.7
affected
14.1.0 (Patch)
affected
14.2.0 (Patch)
affected
14.3.0 (Patch)
affected
14.4.0 (Patch)
affected
14.4.1 (Patch)
affected
Default status
unknown
14.4 (Patch) before 14.4.2
affected
Default status
unknown
14.4 (Patch) before 14.4.2
unknown
Default status
unknown
1.17 (Patch) before 1.17.7
affected
1.18.0 (Patch)
affected
1.19.0 (Patch)
affected
1.20.0 (Patch)
affected
1.21.0 (Patch)
affected
1.21.1 (Patch)
affected
Default status
unknown
1.17 (Patch) before 1.17.7
affected
1.18.0 (Patch)
affected
Default status
unknown
1.17 (Patch) before 1.17.7
affected
1.18.0 (Patch)
affected
Description
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution
Product status
14 (Patch) before 14.0.7
14.1.0 (Patch)
14.2.0 (Patch)
14.3.0 (Patch)
14.4.0 (Patch)
14.4.1 (Patch)
14.0 (Patch) before 14.0.6
14.1.0 (Patch)
14.2.0 (Patch)
14.3.0 (Patch)
14.4.0 (Patch)
14.4.1 (Patch)
14.0 (Patch) before 14.0.7
14.1.0 (Patch)
14.2.0 (Patch)
14.3.0 (Patch)
14.4.0 (Patch)
14.4.1 (Patch)
14.4 (Patch) before 14.4.2
14.4 (Patch) before 14.4.2
1.17 (Patch) before 1.17.7
1.18.0 (Patch)
1.19.0 (Patch)
1.20.0 (Patch)
1.21.0 (Patch)
1.21.1 (Patch)
1.17 (Patch) before 1.17.7
1.18.0 (Patch)
1.17 (Patch) before 1.17.7
1.18.0 (Patch)
References
community.spotfire.com/...2025-spotfire-cve-2025-3115-r3485/