Warning: Critical Vulnerabilities in Spotfire, CVE-2025-3114 / CVE-2025-3115, Patch Immediately!

Published : 10/04/2025

 

    * Last update:  10/04/2025
    * Affected software:
→ Spotfire Enterprise Runtime for R
→ Spotfire Statistics Services
→ Spotfire Enterprise Runtime for R - Server Edition
→ Spotfire Analyst
→ Deployment Kit used in Spotfire Server
→ Spotfire Desktop
→ Spotfire for AWS Marketplace
    * Type:
→ Arbitrary Code Execution
    * CVE/CVSS
→ CVE-2025-3114: CVSS 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)
→ CVE-2025-3115: CVSS 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

Sources

https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484/
https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3115-r3485/
 

Risks

Spotfire fixed two critical vulnerabilities, CVE-2025-3114 and CVE-2025-3115, that could allow an attacker to execute arbitrary code. According to the published CVSS 4.0 vectors, both are reachable over the network, need only low privileges and no user interaction, and their impact on confidentiality, integrity and availability is High, both on the vulnerable system and on subsequent systems. Successful exploitation could lead to a full system compromise.
 

Description

CVE-2025-3114 - Spotfire Code Execution Vulnerability
Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise.

Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls.

Successful exploitation of either weakness could allow an attacker to execute arbitrary code, bypass the TERR sandbox controls, and compromise the system running the analysis.

CVE-2025-3115 - Spotfire Data Function Vulnerability

In Data Functions, attackers can inject malicious code and potentially gain control over the system executing those functions. In addition, insufficient validation of filenames during file uploads can allow an attacker to upload a malicious file and then have it executed, again resulting in arbitrary code execution in the Data Function execution environment.
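The advisory names the weakness class (file names from an upload accepted without sufficient validation) but not the affected code, so the following is a generic, constructed illustration added here; it is not Spotfire code and does not describe how Spotfire's upload handling is implemented. It shows an upload handler that trusts the client-supplied file name next to one that validates it. UPLOAD_DIR, the extension allow-list and all function names are assumptions chosen for the example.

```python
import posixpath
import re
from typing import Optional

# Assumed values for the illustration (not taken from Spotfire).
UPLOAD_DIR = "/var/app/uploads"
ALLOWED_EXT = {".csv", ".txt", ".sbdf"}   # assumed allow-list for a data import feature

# Plain file name: starts alphanumeric, then letters, digits, dot, underscore, dash; <= 255 chars.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def weak_target_path(filename: str) -> str:
    """Insufficient validation: only a leading slash is stripped.

    '../' segments, backslashes and executable extensions all pass through,
    so the caller can write outside UPLOAD_DIR or drop an executable file.
    """
    return posixpath.normpath(posixpath.join(UPLOAD_DIR, filename.lstrip("/")))


def upload_name_problem(filename: str) -> Optional[str]:
    """Return the reason a client-supplied name must be rejected, or None if acceptable."""
    if "\x00" in filename:
        return "NUL byte in filename"
    # Treat both separator styles as separators and keep only the last component;
    # if that changes the name, the client sent path components.
    if posixpath.basename(filename.replace("\\", "/")) != filename:
        return "path components are not allowed in an upload name"
    if not _SAFE_NAME.fullmatch(filename):
        return "filename is empty or contains disallowed characters"
    ext = posixpath.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXT:
        return f"extension {ext!r} is not on the allow-list"
    return None


def safe_target_path(filename: str) -> str:
    """Hardened validation: reject bad names, then prove the resolved path stays in UPLOAD_DIR."""
    problem = upload_name_problem(filename)
    if problem is not None:
        raise ValueError(problem)
    target = posixpath.normpath(posixpath.join(UPLOAD_DIR, filename))
    # Defence in depth: even if a check above were relaxed, never write outside the directory.
    if posixpath.commonpath([UPLOAD_DIR, target]) != UPLOAD_DIR:
        raise ValueError("resolved path escapes the upload directory")
    return target


if __name__ == "__main__":
    # Constructed sample names: one benign, the rest hostile.
    samples = ["report.csv", "../../../etc/cron.d/job", "..\\..\\win.ini",
               "payload.sh", "data.csv\x00.sh"]
    for name in samples:
        print(f"{name!r:30} weak -> {weak_target_path(name)}")
        print(f"{'':30} safe -> {upload_name_problem(name) or safe_target_path(name)}")
```

The key design point is that the hardened path does not try to enumerate bad patterns; it accepts only a single plain component with an allow-listed extension and then verifies the final resolved path, so traversal, separator tricks, NUL truncation and executable uploads are all rejected by construction.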
 

Recommended Actions

 
Patch
The Centre for Cybersecurity Belgium strongly recommends installing the vendor updates on all affected Spotfire products with the highest priority, after thorough testing.
 
Monitor/Detect
The CCB recommends that organizations increase monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
  
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
 

References

https://feedly.com/cve/CVE-2025-3114
https://feedly.com/cve/CVE-2025-3115