Spotfire Improper Privilege Vulnerability
Original release date: July 08, 2025
Last revised: —
CVE-2025-7041
Source: Cloud Software Group Inc
The following components are affected:
Spotfire Enterprise Runtime for R - Server Edition
- Version 1.17.7 and earlier
- Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2
Spotfire Service for Python
- Version 1.17.7 and earlier
- Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2
Spotfire Service for R
- Version 1.17.7 and earlier
- Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2
These components are included in the following products:
Spotfire Statistics Services
- Version 14.0.7 and earlier
- Version 14.1.0, 14.2.0, 14.3.0, 14.4.0, 14.4.1, 14.4.2
Spotfire Enterprise
- Version 14.0.1 and earlier
- Version 14.4.2
Description:
On Linux operating systems, the listed products running as containerized services are vulnerable to privilege escalation attacks.
Impact:
Successful exploitation could allow an attacker to manipulate system behavior, potentially leading to service disruption, arbitrary code execution.
CVSS v4.0 Base Score : 8.7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Solution:
Cloud Software Group has released updated versions of the affected systems which address this issue.
Components:
Spotfire Enterprise Runtime for R - Server Edition
- Version 1.17.7 and earlier: upgrade to 1.17.8 or higher
- Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2: upgrade to 1.22.0 or higher
Spotfire Service for Python
- Version 1.17.7 and earlier: upgrade to 1.17.8 or higher
- Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2: upgrade to 1.22.0 or higher
Spotfire Service for R
- Version 1.17.7 and earlier: upgrade to 1.17.8 or higher
- Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2: upgrade to 1.22.0 or higher
These components are included in the following products:
Spotfire Statistics Services
- Version 14.0.7 and earlier: upgrade to 14.0.8 or higher
- Version 14.1.0, 14.2.0, 14.3.0, 14.4.0, 14.4.1, 14.4.2: upgrade to 14.5.0 or higher
Spotfire Enterprise (Spotfire Server)
- Version 14.0.1 and earlier: upgrade to 14.0.8 or higher
- Version 14.4.2: upgrade to 14.5.0 or higher
References
https://community.spotfire.com/security-advisories/
Comments
0 comments
Article is closed for comments.