Sunday, April 12, 2026

Salesforce Vulnerabilities Expose Systems to RCE Attacks — Apply Patches Now

Salesforce has disclosed multiple critical security vulnerabilities affecting Tableau Server installations worldwide, with the most severe vulnerabilities enabling remote code execution and unauthorized database access.

The vulnerabilities, addressed in the June 26, 2025 maintenance release, pose significant risks to organizations using affected versions of the popular data visualization platform.

On July 25, 2025, Salesforce published details of eight critical vulnerabilities that impact Tableau Server versions before 2025.1.3, before 2024.2.12, and before 2023.3.19.

The security vulnerabilities span multiple attack vectors, including remote code execution (RCE), server-side request forgery (SSRF), local file exposure, and production database access via arbitrary SQL injection.

The vulnerabilities were initially communicated to Tableau Server portal administrators and security contacts via email on June 26, 2025, coinciding with the release of security patches.

The disclosure affects both Windows and Linux deployments of Tableau Server, making this a widespread security concern for enterprises relying on the platform for business intelligence and data analytics.

Security researchers have identified the most critical vulnerability as an unrestricted file upload vulnerability that allows attackers to execute malicious code remotely.

Additionally, multiple authorization bypass vulnerabilities enable unauthorized access to production database clusters, potentially exposing sensitive organizational data.

Salesforce Vulnerabilities

The vulnerability assessment reveals CVSS 3.1 base scores ranging from 8.0 to 8.5, indicating high to critical severity levels. The specific vulnerabilities include:

  • CVE-2025-52449 (CVSS 8.5): Unrestricted file upload vulnerability affecting Extensible Protocol Service modules, enabling remote code execution through deceptive filenames.
  • CVE-2025-52452 (CVSS 8.5): Path traversal vulnerability in tabdoc API duplicate-data-source modules, allowing absolute path traversal attacks.
  • CVE-2025-52446, CVE-2025-52447, CVE-2025-52448 (CVSS 8.0 each): Authorization bypass vulnerabilities targeting tab-doc API, set-initial-sql tabdoc command, and validate-initial-sql modules, enabling unauthorized production database access.
  • CVE-2025-52453 (CVSS 8.2): SSRF vulnerability in Flow Data Source modules enabling resource location spoofing.
  • CVE-2025-52454 (CVSS 8.2): SSRF vulnerability affecting Amazon S3 Connector modules with resource location spoofing capabilities.
  • CVE-2025-52455 (CVSS 8.1): SSRF vulnerability in EPS Server modules allowing resource location spoofing.

These vulnerabilities target critical system components and could be exploited in combination to create devastating attack chains, potentially compromising entire server environments and exposing sensitive organizational data.

Immediate Action Required

Salesforce strongly advises all Tableau Server customers to immediately upgrade to the most recent supported version available through the Tableau Server Maintenance Release page.

The urgency stems from the potential for these vulnerabilities to be exploited in combination, creating attack chains that could compromise entire server environments.

Organizations running unsupported versions face additional risks, as they may not receive future security updates. Salesforce recommends upgrading to compatible supported versions to ensure continuous security coverage and technical support access.

Customers utilizing Trino (formerly Presto) drivers must also update to the latest driver version as part of the remediation process.

The comprehensive nature of these vulnerabilities requires a systematic approach to patching, including verification of all integrated components and third-party connectors.
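One way to turn the version thresholds above into a fleet check, added here as an example (not Salesforce's, Tableau's or the article's own code): it classifies installed version strings against the three fixed releases the advisory names and flags branches the advisory does not list. Host names and versions are constructed sample data, and the optional parenthesised build suffix it tolerates is an assumption about the version string format.

```python
"""Triage Tableau Server version strings against the fixed releases named in the
Salesforce advisory: 2025.1.3, 2024.2.12 and 2023.3.19. Example code written for
this article; the inventory at the bottom is constructed sample data."""
import re

# Fixed release per maintenance branch, exactly as the advisory states them.
FIXED_VERSIONS = {
    (2025, 1): (2025, 1, 3),
    (2024, 2): (2024, 2, 12),
    (2023, 3): (2023, 3, 19),
}

# Matches "2024.2.11"; an assumed trailing build id such as "(20242.25.0310.1533)" is ignored.
_VERSION_RE = re.compile(r"^(\d{4})\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int]:
    """Return (year, minor, patch) for a Tableau Server version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tableau Server version: {text!r}")
    year, minor, patch = (int(g) for g in m.groups())
    return (year, minor, patch)


def assess(version: str) -> str:
    """Classify one installed version relative to the advisory's fixed releases."""
    year, minor, patch = parse_version(version)
    branch = (year, minor)
    if branch in FIXED_VERSIONS:
        fixed = FIXED_VERSIONS[branch]
        if (year, minor, patch) < fixed:
            return f"VULNERABLE: upgrade to {'.'.join(map(str, fixed))} or later"
        return "patched"
    if branch < min(FIXED_VERSIONS):
        return "UNSUPPORTED BRANCH: no fix listed; move to a supported release"
    if branch > max(FIXED_VERSIONS):
        return "not covered by this advisory: check the release notes for your branch"
    # A branch between the listed ones (e.g. 2024.1) has no fix named in the advisory.
    return "BRANCH NOT LISTED: treat as unsupported and upgrade"


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map each host in an inventory to its advisory status."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    sample = {"bi-prod-01": "2024.2.11", "bi-prod-02": "2025.1.3", "bi-legacy": "2022.4.7"}
    for host, status in triage(sample).items():
        print(f"{host:12} {status}")
```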

The disclosure underscores the critical importance of maintaining current software versions and implementing robust patch management processes for enterprise data platforms.


Ethan Brooks
Ethan Brooks is a Senior cybersecurity journalist passionate about threat intelligence and data privacy. His work highlights cyber attacks, hacking, security culture, and cybercrime with The Cyber News.
