Critical Salesforce Tableau Vulnerabilities Let Attackers Execute Code Remotely

The vulnerabilities, revealed through a security advisory published on June 26, 2025, impact Tableau Server versions before 2025.1.3, before 2024.2.12, and before 2023.3.19, prompting urgent calls for immediate patching across enterprise environments. Collectively, they enable remote code execution and unauthorized database access.

The most severe vulnerability, CVE-2025-52449, carries a CVSS 3.1 base score of 8.5 and originates from unrestricted file upload capabilities within the Extensible Protocol Service modules. This flaw enables Remote Code Execution (RCE) through alternative execution methods due to deceptive filenames, potentially allowing attackers to gain complete system control.

Three additional authorization bypass vulnerabilities (CVE-2025-52446, CVE-2025-52447, and CVE-2025-52448), each scoring 8.0 on the CVSS scale, affect the tab-doc API modules, set-initial-sql tabdoc command modules, and validate-initial-sql API modules, respectively. These vulnerabilities let attackers manipulate interfaces through user-controlled keys, granting unauthorized access to production database clusters containing sensitive organizational data.

Further vulnerabilities enable resource location spoofing, allowing attackers to manipulate server requests and potentially access internal systems. Another, an improper limitation of pathname restrictions, enables absolute path traversal attacks, potentially exposing sensitive files across the server filesystem through directory traversal techniques.

Salesforce strongly advises all Tableau Server customers to implement immediate remediation measures. Additionally, customers utilizing Trino (formerly Presto) drivers must update to the most recent driver version to ensure comprehensive protection.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 28 Jul 2025 06:10:24 +0000

