
CVEs for various vulnerabilities impacting some versions of Tableau Server and Tableau Desktop

Publication date: Aug 22, 2025
Description

Salesforce Security identified and resolved multiple vulnerabilities in Tableau Server as part of a proactive security assessment. Fixes for these issues were included in the July Maintenance Release, published on July 22, 2025.

The vulnerabilities included:

  • Access of Resource Using Incompatible Type ('Type Confusion') 

  • Unrestricted Upload of File with Dangerous Type

  • Improper Limitation of a Pathname to a Restricted Directory

  • Improper Input Validation

This issue affects Tableau Server versions: before 2025.1.3, before 2024.2.12, before 2023.3.19.

All Tableau Server customers are strongly advised to upgrade to the most recent supported version. More information on each vulnerability is provided below. 

CVE-2025-26496 - Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server & Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion. This issue affects Tableau Server & Tableau Desktop: before 2025.1.4, before 2024.2.13, before 2023.3.20

CVSSv3 Score: 9.6

 

CVE-2025-26497 - Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.4, before 2024.2.13, before 2023.3.20. CVSSv3 Score: 7.7

CVE-2025-26498 - Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.4, before 2024.2.13, before 2023.3.20. CVSSv3 Score: 7.7

CVE-2025-52450 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.4, before 2024.2.13, before 2023.3.20. CVSSv3 Score: 8.5

CVE-2025-52451 - Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.4, before 2024.2.13, before 2023.3.20. CVSSv3 Score: 8.5

Resolution

Customers should:

Update Tableau Server to the latest supported Maintenance Release in your branch, which can be downloaded from the Tableau Server Maintenance Release page.
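
To triage an inventory against the fixed versions given in the CVE entries above (2025.1.4, 2024.2.13, 2023.3.20), the following is an added example and not part of the Salesforce advisory. It assumes versions are recorded in the `YYYY.N.M` form used on this page; the host names and inventory are constructed, and branches the page does not list are reported as `unlisted` rather than guessed.

```python
import re

# Fixed maintenance release per branch, from the per-CVE entries on this page.
FIXED = {(2025, 1): 4, (2024, 2): 13, (2023, 3): 20}
VERSION_RE = re.compile(r"^\s*v?(\d{4})\.(\d+)(?:\.(\d+))?\s*$")
ORDER = {"affected": 0, "invalid": 1, "unlisted": 2, "fixed": 3}


def parse_version(text):
    """Return (year, branch, maintenance); raise ValueError if malformed."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    year, branch, maint = m.groups()
    # Assumption: a two-part version such as "2024.2" is maintenance release 0.
    return int(year), int(branch), int(maint or 0)


def classify(text):
    """Return 'affected', 'fixed', 'unlisted' or 'invalid' for one version."""
    try:
        year, branch, maint = parse_version(text)
    except ValueError:
        return "invalid"
    fixed_maint = FIXED.get((year, branch))
    if fixed_maint is None:
        return "unlisted"  # no threshold on this page for the branch; do not guess
    # Compare numerically: as strings, "9" would sort after "20".
    return "affected" if maint < fixed_maint else "fixed"


def triage(inventory):
    """Return (host, version, status) rows, hosts needing attention first."""
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (ORDER[r[2]], r[0]))


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "tableau-prod-01": "2025.1.3",
    "tableau-prod-02": "2025.1.4",
    "tableau-dr-01": "2023.3.9",
    "tableau-test-01": "2024.1.7",
    "tableau-lab-01": "unknown",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:18} {ver:10} {status}")
```

Hosts reported as `unlisted` or `invalid` need a manual check against the Tableau Server Maintenance Release page, since this page gives no threshold for them.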

Knowledge Article Number

005132575

 