CVE-2025-3114

Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls.

CVSS

No CVSS.

References

Link	Resource
https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484/

Configurations

No configuration.

History

15 Apr 2025, 21:16

Type	Values Removed	Values Added
CWE		CWE-693 CWE-94
Summary		(es) Ejecución de código mediante archivos maliciosos: Los atacantes pueden crear archivos especialmente manipulados con código incrustado que puede ejecutarse sin la validación de seguridad adecuada, lo que podría comprometer el sistema. Vulnerabilidad de elusión de la zona de pruebas: Una falla en el mecanismo de seguridad TERR permite a los atacantes eludir las restricciones de la zona de pruebas, lo que permite la ejecución de código no confiable sin los controles adecuados.

09 Apr 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-09 18:15

Updated : 2025-04-15 21:16

NVD link : CVE-2025-3114

Mitre link : CVE-2025-3114

CVE.ORG link : CVE-2025-3114

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-693

Protection Mechanism Failure

{"id": "CVE-2025-3114", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@tibco.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-09T18:15:50.643", "references": [{"url": "https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484/", "source": "security@tibco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-693"}]}], "descriptions": [{"lang": "en", "value": "Code Execution via Malicious Files:\u00a0Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise.\n\nSandbox Bypass Vulnerability:\u00a0A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls."}, {"lang": "es", "value": "Ejecuci\u00f3n de c\u00f3digo mediante archivos maliciosos: Los atacantes pueden crear archivos especialmente manipulados con c\u00f3digo incrustado que puede ejecutarse sin la validaci\u00f3n de seguridad adecuada, lo que podr\u00eda comprometer el sistema. Vulnerabilidad de elusi\u00f3n de la zona de pruebas: Una falla en el mecanismo de seguridad TERR permite a los atacantes eludir las restricciones de la zona de pruebas, lo que permite la ejecuci\u00f3n de c\u00f3digo no confiable sin los controles adecuados."}], "lastModified": "2025-04-15T21:16:04.847", "sourceIdentifier": "security@tibco.com"}