CVE-2025-52449

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-52449
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

8.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.8

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://help.salesforce.com/s/articleView?id=005105043&type=1 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*
cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*
cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

31 Oct 2025, 19:23

Type Values Removed Values Added
References () https://help.salesforce.com/s/articleView?id=005105043&type=1 - () https://help.salesforce.com/s/articleView?id=005105043&type=1 - Vendor Advisory
First Time Microsoft
Tableau
Linux
Microsoft windows
Linux linux Kernel
Tableau tableau Server
CPE cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

29 Jul 2025, 14:14

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en Salesforce Tableau Server para Windows y Linux (módulos de Servicio de Protocolo Extensible) permite la ejecución alternativa debido a nombres de archivo engañosos (RCE). Este problema afecta a Tableau Server: versiones anteriores a 2025.1.3, 2024.2.12 y 2023.3.19.

25 Jul 2025, 20:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.5

25 Jul 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-25 19:15

Updated : 2025-10-31 19:23

NVD link : CVE-2025-52449

Mitre link : CVE-2025-52449

CVE.ORG link : CVE-2025-52449

JSON object : View

Products Affected

tableau

  • tableau_server

linux

  • linux_kernel

microsoft

  • windows
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type