Spotfire Security Advisory: July 08, 2025 - Spotfire - CVE-2025-7041


Article ID: KB0137824


Products and Versions
Spotfire Enterprise Runtime for R - Server Edition: 1.17.7 and earlier, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2
Spotfire Service for Python: 1.17.7 and earlier, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2
Spotfire Service for R: 1.17.7 and earlier, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2
Spotfire Statistics Services: 14.0.7 and earlier, 14.1.0, 14.2.0, 14.3.0, 14.4.0, 14.4.1, 14.4.2

Description


Spotfire Improper Privilege Vulnerability


Original release date: July 08, 2025
Last revised: —
CVE-2025-7041
Source: Cloud Software Group Inc.

Description

On Linux operating systems, the listed products running as containerized services are vulnerable to privilege escalation attacks.

Impact

Successful exploitation could allow an attacker to manipulate system behavior, potentially leading to service disruption or arbitrary code execution.

CVSS v4.0 Base Score: 8.7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Environment

Products Affected

The following components are affected:

Spotfire Enterprise Runtime for R - Server Edition

  • Version 1.17.7 and earlier
  • Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2

Spotfire Service for Python

  • Version 1.17.7 and earlier
  • Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2

Spotfire Service for R

  • Version 1.17.7 and earlier
  • Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2

These components are included in the following products:

Spotfire Statistics Services

  • Version 14.0.7 and earlier
  • Version 14.1.0, 14.2.0, 14.3.0, 14.4.0, 14.4.1, 14.4.2

Spotfire Enterprise

  • Version 14.0.1 and earlier
  • Version 14.4.2

Resolution

Cloud Software Group has released updated versions of the affected systems which address this issue.

Components:

Spotfire Enterprise Runtime for R - Server Edition

  • Version 1.17.7 and earlier: upgrade to 1.17.8 or higher
  • Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2: upgrade to 1.22.0 or higher

Spotfire Service for Python

  • Version 1.17.7 and earlier: upgrade to 1.17.8 or higher
  • Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2: upgrade to 1.22.0 or higher

Spotfire Service for R

  • Version 1.17.7 and earlier: upgrade to 1.17.8 or higher
  • Version 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2: upgrade to 1.22.0 or higher

These components are included in the following products:

Spotfire Statistics Services

  • Version 14.0.7 and earlier: upgrade to 14.0.8 or higher
  • Version 14.1.0, 14.2.0, 14.3.0, 14.4.0, 14.4.1, 14.4.2: upgrade to 14.5.0 or higher

Spotfire Enterprise

  • Version 14.0.1 and earlier: upgrade to 14.0.8 or higher
  • Version 14.4.2: upgrade to 14.5.0 or higher
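
The version lists above can be checked against a deployment inventory mechanically. The following Python script is an added example, not part of the vendor advisory: the function names, status labels and sample inventory are constructed, and it assumes that "or higher" for the older release line means later patches of that same minor line.

```python
# Added example: triage a deployment inventory against this advisory's version lists.
# Version data is copied from the advisory; the inventory at the bottom is constructed.

def parse(version):
    """'1.21.1' -> (1, 21, 1); short forms such as '1.22' are zero-padded."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

# (highest "and earlier" version, its fix, individually listed versions, their fix)
_SERVICE = ("1.17.7", "1.17.8",
            ("1.18.0", "1.19.0", "1.20.0", "1.21.0", "1.21.1", "1.21.2"), "1.22.0")
ADVISORY = {
    "Spotfire Enterprise Runtime for R - Server Edition": _SERVICE,
    "Spotfire Service for Python": _SERVICE,
    "Spotfire Service for R": _SERVICE,
    "Spotfire Statistics Services": ("14.0.7", "14.0.8",
        ("14.1.0", "14.2.0", "14.3.0", "14.4.0", "14.4.1", "14.4.2"), "14.5.0"),
    "Spotfire Enterprise": ("14.0.1", "14.0.8", ("14.4.2",), "14.5.0"),
}

def triage(component, version):
    """Return (status, upgrade_target) for one installed component."""
    if component not in ADVISORY:
        return ("not-in-advisory", None)
    ceiling, ceiling_fix, listed, listed_fix = ADVISORY[component]
    v = parse(version)
    if v <= parse(ceiling):
        return ("affected", ceiling_fix)
    if v in {parse(x) for x in listed}:
        return ("affected", listed_fix)
    # Assumption: "or higher" on the older line means later patches of that minor line.
    same_line = v[:2] == parse(ceiling_fix)[:2]
    if v >= parse(listed_fix) or (same_line and v >= parse(ceiling_fix)):
        return ("fixed", None)
    # Named neither as affected nor as fixed: needs a manual check with the vendor.
    return ("unlisted", None)

if __name__ == "__main__":
    inventory = [  # constructed sample inventory
        ("Spotfire Service for Python", "1.21.1"),
        ("Spotfire Service for R", "1.17.9"),
        ("Spotfire Statistics Services", "14.0.7"),
        ("Spotfire Enterprise", "14.0.5"),
    ]
    for name, ver in inventory:
        status, target = triage(name, ver)
        action = f"upgrade to {target} or higher" if target else "no upgrade listed"
        print(f"{name} {ver}: {status} ({action})")
```

Versions reported as "unlisted" (for example a patch level the advisory does not enumerate) are deliberately not guessed at and should be confirmed against the vendor's release notes.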

Issue/Introduction

Security Advisory regarding Spotfire Improper Privilege Vulnerability
