Products | Versions |
---|---|
Spotfire Enterprise Runtime for R - Server Edition | 1.17.7 and earlier, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2 |
Spotfire Service for Python | 1.17.7 and earlier, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2 |
Spotfire Service for R | 1.17.7 and earlier, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.21.2 |
Spotfire Statistics Services | 14.0.7 and earlier, 14.1.0, 14.2.0, 14.3.0, 14.4.0, 14.4.1, 14.4.2 |
Original release date: July 08, 2025
Last revised: —
CVE-2025-7041
Source: Cloud Software Group Inc.
On Linux operating systems, the listed products running as containerized services are vulnerable to privilege escalation attacks.
Successful exploitation could allow an attacker to manipulate system behavior, potentially leading to service disruption or arbitrary code execution.
CVSS v4.0 Base Score: 8.7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
The following components are affected:
Spotfire Enterprise Runtime for R - Server Edition
Spotfire Service for Python
Spotfire Service for R
These components are included in the following products:
Spotfire Statistics Services
Spotfire Enterprise
Cloud Software Group has released updated versions of the affected systems which address this issue.
Components:
Spotfire Enterprise Runtime for R - Server Edition
Spotfire Service for Python
Spotfire Service for R
These components are included in the following products:
Spotfire Statistics Services
Spotfire Enterprise
Security Advisory regarding Spotfire Improper Privilege Vulnerability