CVE-2025-52449
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-10-31
Assigner: Salesforce, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| tableau | tableau_server | to 2023.3.19 (exc) |
| tableau | tableau_server | From 2024.2 (inc) to 2024.2.12 (exc) |
| tableau | tableau_server | From 2025.1 (inc) to 2025.1.3 (exc) |
| microsoft | windows | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Unrestricted Upload of File with Dangerous Type flaw in Salesforce Tableau Server on Windows and Linux. An attacker can upload files with deceptive filenames so that alternative code is executed, leading to remote code execution (RCE). It affects versions of Tableau Server before 2025.1.3, 2024.2.12, and 2023.3.19.
How can this vulnerability impact me?
The vulnerability can lead to remote code execution, allowing an attacker to run malicious code on the affected Tableau Server. This can compromise the confidentiality and integrity of data, potentially leading to unauthorized access or manipulation of sensitive information.