Cyber Web Spider Blog – News

Critical Salesforce Tableau Vulnerabilities Let Attackers Execute Code Remotely

Posted on July 28, 2025 By CWS

Multiple critical security vulnerabilities affect Salesforce's Tableau Server and could enable attackers to execute code remotely, bypass authorization controls, and access sensitive production databases.

The vulnerabilities, disclosed in a security advisory published on June 26, 2025, impact Tableau Server versions before 2025.1.3, before 2024.2.12, and before 2023.3.19, prompting urgent calls for immediate patching across enterprise environments.

Key Takeaways
1. Eight critical vulnerabilities affect Tableau Server versions before 2025.1.3, 2024.2.12, and 2023.3.19.
2. They enable remote code execution and unauthorized database access.
3. Upgrade to the latest supported version now.

High-Severity Flaws in Multiple Tableau Components

The security vulnerabilities span various Tableau Server modules, presenting a comprehensive attack surface that threat actors could exploit.

The most severe vulnerability, CVE-2025-52449, carries a CVSS 3.1 base score of 8.5 and originates from unrestricted file upload capabilities in the Extensible Protocol Service modules.

This flaw enables Remote Code Execution (RCE) through alternative execution due to deceptive filenames, potentially allowing attackers to gain full system control.

Three additional authorization bypass vulnerabilities (CVE-2025-52446, CVE-2025-52447, and CVE-2025-52448), each scoring 8.0 on the CVSS scale, affect the tab-doc API modules, set-initial-sql tabdoc command modules, and validate-initial-sql API modules, respectively.

These vulnerabilities exploit user-controlled keys to manipulate interfaces, granting unauthorized access to production database clusters containing sensitive organizational data.

Server-Side Request Forgery and Path Traversal Flaws

Server-Side Request Forgery (SSRF) vulnerabilities represent another important attack vector, with three separate CVEs identified across different components.

CVE-2025-52453 (CVSS 8.2) affects Flow Data Source modules, while CVE-2025-52454 (CVSS 8.2) affects Amazon S3 Connector modules.

The third SSRF vulnerability, CVE-2025-52455 (CVSS 8.1), targets EPS Server modules. 

These vulnerabilities enable resource location spoofing, allowing attackers to manipulate server requests and potentially access internal systems.

A significant path traversal vulnerability designated as CVE-2025-52452 (CVSS 8.5) affects the tabdoc API duplicate-data-source modules.

This improper limitation of pathname restrictions enables absolute path traversal attacks, potentially exposing sensitive data on the server filesystem through directory traversal techniques.

CVE ID | Vulnerability Title | CVSS 3.1 Score | Severity
--- | --- | --- | ---
CVE-2025-52446 | Authorization Bypass Through User-Controlled Key | 8.0 | High
CVE-2025-52447 | Authorization Bypass Through User-Controlled Key | 8.0 | High
CVE-2025-52448 | Authorization Bypass Through User-Controlled Key | 8.0 | High
CVE-2025-52449 | Unrestricted Upload of File with Dangerous Type | 8.5 | High
CVE-2025-52452 | Improper Limitation of a Pathname to a Restricted Directory | 8.5 | High
CVE-2025-52453 | Server-Side Request Forgery (SSRF) | 8.2 | High
CVE-2025-52454 | Server-Side Request Forgery (SSRF) | 8.2 | High
CVE-2025-52455 | Server-Side Request Forgery (SSRF) | 8.1 | High

Mitigations

Salesforce strongly advises all Tableau Server customers to implement immediate remediation measures.

Organizations should update to the latest supported Maintenance Release within their current branch, available through the official Tableau Server Maintenance Release page.

Additionally, customers using Trino (formerly Presto) drivers must update to the latest driver version to ensure comprehensive protection.

For enterprises running unsupported Tableau Server versions, Salesforce recommends upgrading to compatible supported versions to maintain access to important security updates and technical support.
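To apply the version thresholds above to an inventory of servers, the following added example (not code from Salesforce or the original article) classifies each version string against the fixed maintenance release of its branch. The hostnames, sample versions and status labels are constructed for illustration; treating branches without a listed fix as needing an upgrade is an assumption based on the guidance for unsupported versions.

```python
import re

# Fixed maintenance release per branch, taken from the article text.
FIXED = {(2025, 1): 3, (2024, 2): 12, (2023, 3): 19}

_VERSION = re.compile(r"^\s*(\d{4})\.(\d+)\.(\d+)\s*$")


def classify(version: str) -> str:
    """Classify one Tableau Server version string against the fixed releases."""
    m = _VERSION.match(version)
    if not m:
        return "unparseable"  # leave for manual review rather than guessing
    year, minor, maint = map(int, m.groups())
    fixed = FIXED.get((year, minor))
    if fixed is None:
        # Assumption: an older branch with no fix named in the article needs
        # an upgrade to a supported branch; a newer branch is outside the
        # ranges the article gives.
        return "unlisted-branch" if (year, minor) < max(FIXED) else "not-covered"
    # Compare numerically: as strings, "9" would sort after "12".
    return "patched" if maint >= fixed else "vulnerable"


def triage(inventory):
    """Group hostnames by status for a list of (host, version) pairs."""
    report = {}
    for host, version in inventory:
        report.setdefault(classify(version), []).append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("tableau-prod-01", "2024.2.9"),
    ("tableau-prod-02", "2024.2.12"),
    ("tableau-dev-01", "2023.3.19"),
    ("tableau-dr-01", "2025.1.2"),
    ("tableau-old-01", "2022.3.24"),
    ("tableau-lab-01", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```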
