Salesforce has disclosed eight critical security vulnerabilities affecting multiple versions of Tableau Server, prompting urgent security updates across Windows and Linux deployments.
The vulnerabilities, announced on June 26, 2025, encompass severe security risks, including Remote Code Execution (RCE), Server-Side Request Forgery (SSRF), and unauthorized database access capabilities.
Organizations running Tableau Server versions before 2025.1.3, 2024.2.12, or 2023.3.19 face immediate security exposure and require emergency patching to mitigate potential exploitation.
Critical Vulnerabilities Identified
The security advisory reveals multiple Authorization Bypass Through User-Controlled Key vulnerabilities targeting core Tableau Server components.
CVE-2025-52446, CVE-2025-52447, and CVE-2025-52448 specifically affect the tab-doc api modules, the set-initial-sql tabdoc command modules, and the validate-initial-sql api modules respectively, each carrying a CVSS 3.1 Base Score of 8.0.
These vulnerabilities allow an attacker who can supply the user-controlled key values consumed by these interfaces to bypass authorization checks and gain unauthorized access to production database clusters.
The most severe vulnerability, CVE-2025-52449, represents an Unrestricted Upload of File with Dangerous Type flaw in the Extensible Protocol Service modules.
With a CVSS 3.1 Base Score of 8.5, this vulnerability facilitates Alternative Execution Due to Deceptive Filenames, effectively enabling remote code execution on affected systems.
Additionally, CVE-2025-52452 exposes a critical Path Traversal vulnerability in the tabdoc api - duplicate-data-source modules, allowing Absolute Path Traversal attacks with an identical CVSS score of 8.5.
Technical Impact and Severity Assessment
Server-Side Request Forgery (SSRF) vulnerabilities constitute another significant attack vector across multiple Tableau Server components.
CVE-2025-52453 affects Flow Data Source modules with a CVSS score of 8.2, while CVE-2025-52454 targets Amazon S3 Connector modules with the same 8.2 rating.
CVE-2025-52455 impacts EPS Server modules with a CVSS score of 8.1. All three enable Resource Location Spoofing attacks that could compromise internal network security.
These vulnerabilities collectively expose organizations to data exfiltration, lateral movement, and privilege escalation attacks.
The authorization bypass mechanisms particularly threaten data integrity by providing unauthorized production database access, while the file upload vulnerability creates direct pathways for malicious code deployment across enterprise infrastructures.
Immediate Action Required for Organizations
Salesforce strongly recommends immediate deployment of the latest Tableau Server Maintenance Release available through the official Server Maintenance Release page.
Organizations utilizing Trino (formerly Presto) drivers must simultaneously update to the latest driver versions to ensure comprehensive security coverage.
System administrators should also prioritize upgrading unsupported Tableau Server versions to a supported release, so that those deployments continue to receive security updates and vendor support.
The maintenance releases address all identified vulnerabilities through enhanced input validation, improved authorization mechanisms, and strengthened file upload restrictions across affected modules.
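As an added triage aid, not code from Salesforce or the advisory, the following script checks an inventory of Tableau Server version strings against the fixed maintenance releases named above (2025.1.3, 2024.2.12, 2023.3.19). It assumes versions are written as "YYYY.minor.patch" and, because the advisory only names those three branches, reports any other branch as "unknown" so an administrator verifies it against the vendor's supported-release list rather than assuming it is safe.

```python
# Added triage helper (not Salesforce's or Tableau's code): flags Tableau Server
# versions that fall below the fixed maintenance releases named in the advisory.
# Assumptions: versions are "YYYY.minor.patch" strings; any branch the advisory
# does not list is reported as "unknown" so an admin verifies it manually.
from typing import Dict, Optional, Tuple

# Fixed maintenance releases from the advisory, keyed by branch (year, minor).
FIXED_RELEASES: Dict[Tuple[int, int], int] = {
    (2025, 1): 3,   # 2025.1.3
    (2024, 2): 12,  # 2024.2.12
    (2023, 3): 19,  # 2023.3.19
}


def parse_version(version: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'YYYY.minor.patch'; return None for strings that do not fit."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    year, minor, patch = (int(p) for p in parts)
    return year, minor, patch


def assess_version(version: str) -> str:
    """Return 'affected', 'patched', or 'unknown' for one Tableau Server version.

    'unknown' covers malformed strings and branches the advisory does not list
    (for example 2024.1.x); the advisory's own guidance is to move such
    deployments to a supported release rather than treat them as safe.
    """
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"
    year, minor, patch = parsed
    fixed_patch = FIXED_RELEASES.get((year, minor))
    if fixed_patch is None:
        return "unknown"
    return "patched" if patch >= fixed_patch else "affected"


def triage_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host name -> status for a host -> version-string inventory."""
    return {host: assess_version(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory for illustration; these are not real hosts.
    SAMPLE = {"bi-prod-01": "2024.2.11", "bi-prod-02": "2025.1.3",
              "bi-dev-01": "2023.3.19", "bi-legacy": "2024.1.7"}
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:12s} {SAMPLE[host]:10s} {status}")
```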