CVE-2025-52446

Published: Jul 25, 2025Modified: Oct 31, 2025

8.0

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulation (data access to the production database cluster).This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Affected (3)

Products: Tableau: Tableau Server

1 product

Configuration A

3 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Tableau Tableau Server	Before 2023.3.19
Tableau Tableau Server	From 2024.2 to 2024.2.12
Tableau Tableau Server	From 2025.1 to 2025.1.3

Running on/with	Platform Versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

https://help.salesforce.com/s/articleView?id=005105043&type=1

Source: security@salesforce.com

Vendor Advisory

Timeline

No history available yet.