CVE-2025-52447
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-10-31
Assigner: Salesforce, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| tableau | tableau_server | to 2023.3.19 (exc) |
| tableau | tableau_server | From 2024.2 (inc) to 2024.2.12 (exc) |
| tableau | tableau_server | From 2025.1 (inc) to 2025.1.3 (exc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Authorization Bypass Through User-Controlled Key in Salesforce Tableau Server on Windows and Linux. It involves the set-initial-sql tabdoc command modules, allowing an attacker to manipulate the interface and gain unauthorized access to data in the production database cluster.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to sensitive production database data, potentially exposing confidential information and compromising data integrity. It poses a high confidentiality and integrity risk but does not affect availability.