Skip to content
  • Blog Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form

Critical Salesforce Tableau Vulnerabilities Let Attackers Execute Code Remotely

Posted on July 28, 2025July 28, 2025 By CWS

A number of important safety vulnerabilities affecting Salesforce’s Tableau Server that would enable attackers to execute distant code, bypass authorization controls, and entry delicate manufacturing databases. 

The vulnerabilities, revealed by a safety advisory revealed on June 26, 2025, impression Tableau Server variations earlier than 2025.1.3, earlier than 2024.2.12, and earlier than 2023.3.19, prompting pressing requires instant patching throughout enterprise environments.

Key Takeaways1. Eight important vulnerabilities have an effect on Tableau Server variations earlier than 2025.1.3, 2024.2.12, and 2023.3.192. Allows distant code execution and unauthorized database entry.3. Improve to the newest supported model now

Excessive-Severity Flaws in A number of Tableau Elements

The safety vulnerabilities span throughout numerous Tableau Server modules, presenting a complete assault floor that risk actors might exploit. 

Essentially the most extreme vulnerability, CVE-2025-52449, carries a CVSS 3.1 base rating of 8.5 and originates from unrestricted file add capabilities throughout the Extensible Protocol Service modules. 

This flaw allows Distant Code Execution (RCE) by various execution strategies as a consequence of misleading filenames, doubtlessly permitting attackers to achieve full system management.

Three extra authorization bypass vulnerabilities (CVE-2025-52446, CVE-2025-52447, and CVE-2025-52448), every scoring 8.0 on the CVSS scale, have an effect on the tab-doc API modules, set-initial-sql tabdoc command modules, and validate-initial-sql API modules, respectively. 

These vulnerabilities exploit user-controlled keys to control interfaces, granting unauthorized entry to manufacturing database clusters containing delicate organizational information.

Server-Facet Request Forgery and Path Traversal Flaws

Server-Facet Request Forgery (SSRF) vulnerabilities characterize one other important assault vector, with three separate CVEs recognized throughout completely different elements. 

CVE-2025-52453 (CVSS 8.2) impacts Circulation Knowledge Supply modules, whereas CVE-2025-52454 (CVSS 8.2) impacts Amazon S3 Connector modules. 

The third SSRF vulnerability, CVE-2025-52455 (CVSS 8.1), targets EPS Server modules. 

These vulnerabilities allow useful resource location spoofing, permitting attackers to control server requests and doubtlessly entry inner methods.

A big path traversal vulnerability designated as CVE-2025-52452 (CVSS 8.5) impacts the tabdoc API duplicate-data-source modules. 

This improper limitation of pathname restrictions allows absolute path traversal assaults, doubtlessly exposing delicate information throughout the server filesystem by listing traversal methods.

CVE IDVulnerability TitleCVSS 3.1 ScoreSeverityCVE-2025-52446Authorization Bypass By Consumer-Managed Key8.0HighCVE-2025-52447Authorization Bypass By Consumer-Managed Key8.0HighCVE-2025-52448Authorization Bypass By Consumer-Managed Key8.0HighCVE-2025-52449Unrestricted Add of File with Harmful Type8.5HighCVE-2025-52452Improper Limitation of a Pathname to a Restricted Directory8.5HighCVE-2025-52453Server-Facet Request Forgery (SSRF)8.2HighCVE-2025-52454Server-Facet Request Forgery (SSRF)8.2HighCVE-2025-52455Server-Facet Request Forgery (SSRF)8.1High

Mitigations

Salesforce strongly advises all Tableau Server clients to implement instant remediation measures. 

Organizations ought to replace to the newest supported Upkeep Launch inside their present department, out there by the official Tableau Server Upkeep Launch web page. 

Moreover, clients using Trino (previously Presto) drivers should replace to the newest driver model to make sure complete safety.

For enterprises working unsupported Tableau Server variations, Salesforce recommends upgrading to appropriate supported variations to keep up entry to important safety updates and technical help. 

Expertise quicker, extra correct phishing detection and enhanced safety for what you are promoting with real-time sandbox analysis-> Attempt ANY.RUN now

Cyber Security News Tags:Attackers, Code, Critical, Execute, Remotely, Salesforce, Tableau, Vulnerabilities

Post navigation

Previous Post: Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide
Next Post: Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure

Related Posts

Managing Data Subject Access Requests in Compliance Programs Cyber Security News
Europol Disrupted “NoName057(16)” Hacking Group’s Infrastructure of 100+ Servers Worldwide Cyber Security News
Nippon Steel Solutions 0-Day Network Vulnerability Exposes Users’ Personal Information Cyber Security News
Threat Actors Turning Job Offers Into Traps, Over $264 Million Lost in 2024 Alone Cyber Security News
RapperBot Botnet Attack Peaks 50,000+ Attacks Targeting Network Edge Devices Cyber Security News
New Forensic Technique Uncovers Hidden Trails Left by Hackers Exploiting RDP Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Atomic macOS Stealer Comes With New Backdoor to Enable Remote Access
  • Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
  • New SHUYAL Attacking 19 Popular Browsers to Steal Login Credentials
  • UNC3886 Hackers Exploiting 0-Days in VMware vCenter/ESXi, Fortinet FortiOS, and Juniper Junos OS
  • Hackers Allegedly Destroyed Aeroflot Airlines’ IT Infrastructure in Year-Long Attack

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Atomic macOS Stealer Comes With New Backdoor to Enable Remote Access
  • Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
  • New SHUYAL Attacking 19 Popular Browsers to Steal Login Credentials
  • UNC3886 Hackers Exploiting 0-Days in VMware vCenter/ESXi, Fortinet FortiOS, and Juniper Junos OS
  • Hackers Allegedly Destroyed Aeroflot Airlines’ IT Infrastructure in Year-Long Attack

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News