A significant security concern has emerged following the disclosure of eight serious vulnerabilities in Tableau Server, which were revealed and afterward patched in the June 26, 2025 release by Salesforce. The vulnerabilities affect multiple Tableau Server versions, including releases prior to 2025.1.3 and 2023.3.5, necessitating immediate action from affected organizations. The disclosed flaws were assigned CVSS scores ranging from 7.7 to 8.5, indicating their high levels of severity and potential for exploitation. Additionally, the severity level of 7.7 out of 10 highlights the urgent need for organizations to address these vulnerabilities promptly.
Among the vulnerabilities are those allowing unauthorized database access via arbitrary SQL, particularly CVE-2025-52446, CVE-2025-52447, and CVE-2025-52448. These flaws allow attackers to bypass authorization controls, leading to session-level manipulation and execution of unauthorized SQL statements on production databases. As a result, attackers potentially gain heightened privileges, posing a substantial risk of critical data exfiltration or tampering.
The most severe vulnerability, CVE-2025-52449, permits remote code execution through malicious file uploads, presenting a direct line for complete system compromise. This issue resides within the Tableau Extensible Protocol Service, which lacks the necessary validation for uploaded file integrity. Attackers may gain full control over the affected server instances, making it crucial for organizations to apply the recommended patches without delay.
The CVE-2025-52449 vulnerability exposes systems to remote code execution, allowing attackers to gain full control through malicious file uploads.
Additionally, CVE-2025-26494 comprises a server-side request forgery (SSRF) flaw, affecting versions 2023.3 to 2023.3.5. This vulnerability allows attackers to send crafted requests to internal servers, granting unauthorized access to privileged resources. The risk of lateral movement within the Tableau Server environment emphasizes the importance of immediate patching. Vulnerabilities include(the importance of updating to the latest release) both Windows and Linux Tableau Server installations, amplifying the threats if security configurations are not adequately hardened. As a result, organizations must adopt security hardening practices, including limiting user privileges and regulating access to sensitive configurations.
The consequence of exploitation could lead to production database compromise, system takeover, and significant data breaches, rendering timely intervention vital.
