
Severe Salesforce Tableau Vulnerabilities Enable Remote Code Execution – Urgent Patch Required


Salesforce has disclosed eight critical security vulnerabilities affecting multiple versions of Tableau Server, prompting urgent security updates across Windows and Linux deployments.

The vulnerabilities, announced on June 26, 2025, encompass severe security risks, including Remote Code Execution (RCE), Server-Side Request Forgery (SSRF), and unauthorized database access capabilities.

Organizations running Tableau Server versions before 2025.1.3, 2024.2.12, or 2023.3.19 face immediate security exposure and require emergency patching to mitigate potential exploitation.

Critical Vulnerabilities Identified

The security advisory reveals multiple Authorization Bypass Through User-Controlled Key vulnerabilities targeting core Tableau Server components.

CVE-2025-52446, CVE-2025-52447, and CVE-2025-52448 specifically affect the tab-doc api modules, set-initial-sql tabdoc command modules, and validate-initial-sql api modules respectively, each carrying a CVSS 3.1 Base Score of 8.0.

These vulnerabilities let an attacker who can supply a user-controlled key reach interfaces and resources they are not authorized for, including production database clusters.

The most severe vulnerability, CVE-2025-52449, represents an Unrestricted Upload of File with Dangerous Type flaw in the Extensible Protocol Service modules.

With a CVSS 3.1 Base Score of 8.5, this vulnerability facilitates Alternative Execution Due to Deceptive Filenames, effectively enabling remote code execution on affected systems.

Additionally, CVE-2025-52452 exposes a critical Path Traversal vulnerability in the tabdoc api - duplicate-data-source modules, allowing Absolute Path Traversal attacks with an identical CVSS score of 8.5.

Technical Impact and Severity Assessment

Server-Side Request Forgery (SSRF) vulnerabilities constitute another significant attack vector across multiple Tableau Server components.

CVE-2025-52453 affects Flow Data Source modules with a CVSS score of 8.2, while CVE-2025-52454 targets Amazon S3 Connector modules with identical severity ratings.

CVE-2025-52455 impacts EPS Server modules with a CVSS score of 8.1. All three SSRF flaws enable Resource Location Spoofing attacks that could compromise internal network security.

These vulnerabilities collectively expose organizations to data exfiltration, lateral movement, and privilege escalation attacks.

The authorization bypass mechanisms particularly threaten data integrity by providing unauthorized production database access, while the file upload vulnerability creates direct pathways for malicious code deployment across enterprise infrastructures.

Immediate Action Required for Organizations

Salesforce strongly recommends immediate deployment of the latest Tableau Server Maintenance Release available through the official Server Maintenance Release page.

Organizations utilizing Trino (formerly Presto) drivers must simultaneously update to the latest driver versions to ensure comprehensive security coverage.

System administrators should prioritize upgrading unsupported Tableau Server versions to a supported release so that those deployments continue to receive security updates and vendor support.

The maintenance releases address all identified vulnerabilities through enhanced input validation, improved authorization mechanisms, and strengthened file upload restrictions across affected modules.
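As an added example (not code from Salesforce or the advisory), the check below maps a Tableau Server build to its release branch and compares it against the fixed versions the advisory names, flagging builds that must be patched and branches the advisory does not cover; the branch table, the sample hostnames and the handling of unlisted branches are assumptions for illustration.

```python
"""Classify Tableau Server builds against the June 2025 advisory
fixed releases: 2025.1.3, 2024.2.12 and 2023.3.19."""
from typing import Tuple

# Minimum patched maintenance release per branch named in the advisory.
FIXED_RELEASES = {
    (2025, 1): (2025, 1, 3),
    (2024, 2): (2024, 2, 12),
    (2023, 3): (2023, 3, 19),
}
NEWEST_LISTED_BRANCH = max(FIXED_RELEASES)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse a version such as '2024.2.11' into (year, quarter, maintenance).
    A missing maintenance number (e.g. '2024.2') is treated as .0."""
    parts = text.strip().split(".")
    if len(parts) not in (2, 3) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Tableau Server version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def assess(version: str) -> str:
    """Return 'patched', 'vulnerable', 'unsupported' or 'newer-than-advisory'."""
    year, quarter, maint = parse_version(version)
    branch = (year, quarter)
    fixed = FIXED_RELEASES.get(branch)
    if fixed is None:
        # Branches newer than the advisory are not covered by it; older
        # unlisted branches are out of support and need a full upgrade.
        if branch > NEWEST_LISTED_BRANCH:
            return "newer-than-advisory"
        return "unsupported"
    return "patched" if (year, quarter, maint) >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative.
    inventory = {
        "bi-prod-01": "2024.2.11",
        "bi-prod-02": "2025.1.3",
        "bi-legacy": "2022.4.9",
    }
    for host, ver in inventory.items():
        print(f"{host}: {ver} -> {assess(ver)}")
```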
