Spotfire Security Advisory: July 08, 2025 - Spotfire - CVE-2025-7041
Article ID: KB0137824
Updated On:
| Products | Versions |
|---|---|
| Spotfire Enterprise Runtime for R - Server Edition | 1.17.7 and earlier, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2 |
| Spotfire Service for Python | 1.17.7 and earlier, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2 |
| Spotfire Service for R | 1.17.7 and earlier, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2 |
| Spotfire Statistics Services | 14.0.7 and earlier, 14.1.0, 14.2.0, 14.3.0, 14.4.0, 14.4.1, 14.4.2 |
Description
Spotfire Security Advisory: July 08, 2025 - Spotfire - CVE-2025-7041
Spotfire Improper Privilege Vulnerability
Original release date: July 08, 2025
Last revised: —
CVE-2025-7041
Source: Cloud Software Group Inc.
Description
On Linux operating systems; the listed products running as containerized services are vulnerable to privilege escalation attacks.
Impact
Successful exploitation could allow an attacker to manipulate system behavior, potentially leading to service disruption, arbitrary code execution.
CVSS v4.0 Base Score : 8.7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Environment
Products Affected
The following components are affected:
Spotfire Enterprise Runtime for R - Server Edition
- Version 1.17.7 and earlier
- Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2
Spotfire Service for Python
- Version 1.17.7 and earlier
- Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2
Spotfire Service for R
- Version 1.17.7 and earlier
- Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2
These components are included in the following products:
Spotfire Statistics Services
- Version 14.0.7 and earlier
- Version 14.1.0, 14.2.0, 14.3.0, 14.4.0, 14.4.1, 14.4.2
Spotfire Enterprise
- Version 14.0.1 and earlier
- Version 14.4.2
Resolution
Cloud Software Group has released updated versions of the affected systems which address this issue.
Components:
Spotfire Enterprise Runtime for R - Server Edition
- Version 1.17.7 and earlier: upgrade to 1.17.8 or higher
- Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2: upgrade to 1.22.0 or higher
Spotfire Service for Python
- Version 1.17.7 and earlier: upgrade to 1.17.8 or higher
- Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2: upgrade to 1.22.0 or higher
Spotfire Service for R
- Version 1.17.7 and earlier: upgrade to 1.17.8 or higher
- Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2: upgrade to 1.22.0 or higher
These components are included in the following products:
Spotfire Statistics Services
- Version 14.0.7 and earlier: upgrade to 14.0.8 or higher
- Version 14.1.0, 14.2.0, 14.3.0, 14.4.0, 14.4.1, 14.4.2: upgrade to 14.5.0 or higher
Spotfire Enterprise
- Version 14.0.1 and earlier: upgrade to 14.0.8 or higher
- Version 14.4.2: upgrade to 14.5.0 or higher
Issue/Introduction
Security Advisory regarding Spotfire Improper Privilege Vulnerability
Additional Information
