CVE-2025-52449

{"id": "CVE-2025-52449", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.1}]}, "published": "2025-07-25T19:15:40.743", "references": [{"url": "https://help.salesforce.com/s/articleView?id=005105043&type=1", "source": "security@salesforce.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@salesforce.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19."}, {"lang": "es", "value": "La vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en Salesforce Tableau Server para Windows y Linux (m\u00f3dulos de Servicio de Protocolo Extensible) permite la ejecuci\u00f3n alternativa debido a nombres de archivo enga\u00f1osos (RCE). Este problema afecta a Tableau Server: versiones anteriores a 2025.1.3, 2024.2.12 y 2023.3.19."}], "lastModified": "2025-07-29T14:14:55.157", "sourceIdentifier": "security@salesforce.com"}