CVE-2025-3115

Name of the Vulnerable Software and Affected Versions: Apache File Upload versions (affected versions not specified) TIBCO Spotfire versions (affected versions not specified)

Description: The issue allows attackers to inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution.

Recommendations: For Apache File Upload, restrict access to the file upload functionality until a patch is available. For TIBCO Spotfire, consider disabling the affected functions or modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.