CVE-2025-3115CRITICAL 9.8EPSS p41.6%

CVE-2025-3115CVE-2025-3115

Description

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.55% probability of exploitation · percentile 41.6% · 2026-06-19T12:03:05Z
Published2025-04-09
Last modified2025-11-11

Underlying weaknesses· 1

CWE-94

References

  1. https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3115-r3485/

1

TypeTargetConfidenceTier
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-41735
CVE
CVE-2025-59818
CVE
CVE-2026-21628
CVE
CVE-2025-55061
CVE
CVE-2025-62630
CVE
CVE-2025-59171
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.