CVE-2025-52451
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-10-30

Assigner: Salesforce, Inc.

Description
Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-08-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-52451
EUVD
EUVD-2025-28433
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
tableau tableau_server to 2023.3.19 (exc)
tableau tableau_server From 2024.2 (inc) to 2024.2.12 (exc)
tableau tableau_server From 2025.1 (inc) to 2025.1.3 (exc)
microsoft windows *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Improper Input Validation issue in Salesforce Tableau Server on Windows and Linux platforms, specifically in the tabdoc API's create-data-source-from-file-upload modules. It allows an attacker to perform Absolute Path Traversal, meaning they can potentially access files and directories outside the intended scope by manipulating file paths.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive files and data on the affected Tableau Server systems. Since it allows Absolute Path Traversal, an attacker could read or access critical information, potentially compromising confidentiality and integrity of data. The CVSS score indicates high impact on confidentiality and integrity but no impact on availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-52451. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart