CVE-2025-52449

Published: Jul 25, 2025Modified: Oct 31, 2025

8.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Exploitability: 2.1 / Impact: 5.8

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Affected (3)

Products: Tableau: Tableau Server

1 product

Configuration A

3 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Tableau Tableau Server	Before 2023.3.19
Tableau Tableau Server	From 2024.2 to 2024.2.12
Tableau Tableau Server	From 2025.1 to 2025.1.3

Running on/with	Platform Versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://help.salesforce.com/s/articleView?id=005105043&type=1

Source: security@salesforce.com

Vendor Advisory

Timeline

No history available yet.