The vulnerabilities, disclosed in a security advisory published on June 26, 2025, affect Tableau Server versions earlier than 2025.1.3, 2024.2.12, and 2023.3.19, prompting urgent calls for immediate patching across enterprise environments.

The most severe vulnerability, CVE-2025-52449, carries a CVSS 3.1 base score of 8.5 and originates from unrestricted file upload capabilities in the Extensible Protocol Service modules. The flaw enables Remote Code Execution (RCE) through alternative execution methods made possible by deceptive filenames, potentially allowing attackers to gain complete control of the system.

Three additional authorization bypass vulnerabilities (CVE-2025-52446, CVE-2025-52447, and CVE-2025-52448), each scoring 8.0 on the CVSS scale, affect the tab-doc API modules, the set-initial-sql tabdoc command modules, and the validate-initial-sql API modules, respectively. These flaws rely on user-controlled keys to manipulate the affected interfaces, granting unauthorized access to production database clusters containing sensitive organizational data.

Further flaws in the set enable resource location spoofing, allowing attackers to manipulate server requests and potentially reach internal systems, and an improper limitation of pathname restrictions enables absolute path traversal, potentially exposing sensitive files across the server filesystem through directory traversal techniques. Taken together, the vulnerabilities enable remote code execution and unauthorized database access.

Additionally, customers using Trino (formerly Presto) drivers must update to the most recent driver version to ensure comprehensive protection. Salesforce strongly advises all Tableau Server customers to implement immediate remediation measures.
Published on cybersecuritynews.com. Publication date: Mon, 28 Jul 2025 06:10:24 +0000