CVE-2025-52449

High CVSS: 8.5

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Vendor

Tableau

Product

Tableau Server

CWE

CWE-434

Yayın Tarihi

2025-07-25 19:15:40

Güncelleme

2025-10-31 19:23:27

Source Identifier

security@salesforce.com

KEV Date Added

Kategoriler

CWE-434 Tableau Server HIGH Tableau 2025

Referanslar

https://help.salesforce.com/s/articleView?id=005105043&type=1

Benzer Kayıtlar

Medium

CVE-2025-52450

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Serve…

High

CVE-2025-52451

Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-…

Critical

CVE-2025-26496

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Deskto…

High

CVE-2025-26497

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Edito…

High

CVE-2025-26498

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-…

High

CVE-2025-52453

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source module…