CVE-2025-52450

Published Aug 22, 2025

Last updated 5 months ago

CVSS medium 6.5

Overview

Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
Source
security@salesforce.com
NVD status
Analyzed
Products
tableau_server

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

security@salesforce.com
CWE-22
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-22

Social media

Hype score
Not currently trending

  1. CVE-2025-52450 Path Traversal Vulnerability in Salesforce Tableau Server Across Multipl... https://t.co/pxIO0r68pZ Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    23 Aug 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-52450 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create-data-s… https://t.co/m4PwRpivoE

    @CVEnew

    22 Aug 2025

    379 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.CVE-2025-52451
  2. Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.CVE-2025-26497
  3. Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19.CVE-2025-26496
  4. Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.CVE-2025-52455
  5. Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.CVE-2025-52454

References

Sources include official advisories and independent security research.