Shop

Your Notifications (0)

There are currently no notifications. You're all set!

Demos Trials
Knowledgebase
ChemDraw and ChemOffice+ Products Signals Notebook E-Notebook and ChemBioOffice Enterprise Spotfire and Signals Spotfire Products Image Artist Spectrus, Percepta, Katalyst, Luminata and more
Downloads
Downloads
Community
Ideas Portal Product Basics
About Support
Legal Resources Support and Maintenance Plans Product Life Cycle Support News
Contact Support

Spotfire Security Advisory: July 08, 2025 - Spotfire - CVE-2025-7041

JASON STEPHENS
  • Updated

 

Spotfire Improper Privilege Vulnerability

Original release date: July 08, 2025
Last revised: —
CVE-2025-7041
Source: Cloud Software Group Inc
 

Products Affected

The following components are affected:

Spotfire Enterprise Runtime for R - Server Edition

  • Version 1.17.7 and earlier
  • Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2

Spotfire Service for Python

  • Version 1.17.7 and earlier
  • Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2

Spotfire Service for R

  • Version 1.17.7 and earlier
  • Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2

These components are included in the following products:

Spotfire Statistics Services

  • Version 14.0.7 and earlier
  • Version 14.1.0, 14.2.0, 14.3.0, 14.4.0, 14.4.1, 14.4.2

Spotfire Enterprise

  • Version 14.0.1 and earlier
  • Version 14.4.2
     

Description

On Linux operating systems; the listed products running as containerised services are vulnerable to privilege escalation attacks.

Impact

Successful exploitation could allow an attacker to manipulate system behavior, potentially leading to service disruption, arbitrary code execution.

CVSS v4.0 Base Score : 8.7 (High)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Solution

Cloud Software Group has released updated versions of the affected systems which address this issue.

Components:

Spotfire Enterprise Runtime for R - Server Edition

  • Version 1.17.7 and earlier: upgrade to 1.17.8 or higher
  • Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2: upgrade to 1.22.0 or higher

Spotfire Service for Python

  • Version 1.17.7 and earlier: upgrade to 1.17.8 or higher
  • Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2: upgrade to 1.22.0 or higher

Spotfire Service for R

  • Version 1.17.7 and earlier: upgrade to 1.17.8 or higher
  • Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2: upgrade to 1.22.0 or higher
     

These components are included in the following products:

Spotfire Statistics Services

  • Version 14.0.7 and earlier: upgrade to 14.0.8 or higher
  • Version 14.1.0, 14.2.0, 14.3.0, 14.4.0, 14.4.1, 14.4.2: upgrade to 14.5.0 or higher

Spotfire Enterprise

  • Version 14.0.1 and earlier: upgrade to 14.0.8 or higher
  • Version 14.4.2: upgrade to 14.5.0 or higher

References
https://community.spotfire.com/security-advisories/
CVE-2025-7041

Related articles

Comments

0 comments

Article is closed for comments.