CVE-2025-52449 | THREATINT

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

PUBLISHED Reserved 2025-06-16 | Published 2025-07-25 | Updated 2026-02-26 | Assigner Salesforce

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status

unaffected

Any version before 2025.1.3

affected

Any version before 2024.2.12

affected

Any version before 2023.3.19

affected

References

help.salesforce.com/s/articleView?id=005105043&type=1

cve.org (CVE-2025-52449)

nvd.nist.gov (CVE-2025-52449)

Download JSON