CVE-2025-52454

Severity: HIGH (CVSS 3.1 base score 8.2)
Published: 2025-07-25, source: [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 23, 2026 - 21:22 (vuln.today)
CVE Published: Jul 25, 2025 - 19:15 (nvd)

Description

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Analysis

Salesforce Tableau Server on Windows and Linux allows an authenticated attacker with low privileges to perform Server-Side Request Forgery through the Amazon S3 Connector module. By spoofing the resource location the connector fetches, the attacker can make Tableau Server issue requests on their behalf, which could lead to unauthorized access to internal systems and data exfiltration. The CVSS vector (AC:H, S:C) indicates that exploitation depends on conditions outside the attacker's direct control and that the impact extends to systems beyond the vulnerable Tableau Server itself. Versions before 2025.1.3, 2024.2.12, and 2023.3.19 are affected. The EPSS score of 0.04% (12th percentile) indicates a low predicted probability of exploitation in the wild, and no public exploit had been identified at the time of analysis.

Technical Context

This vulnerability (CWE-918: Server-Side Request Forgery) resides in Tableau Server's Amazon S3 Connector modules across multiple version branches. The affected product is identified by the CPE cpe:2.3:a:tableau:tableau_server on both Windows and Linux. SSRF arises when an application fetches a remote resource from a user-influenced URL without adequate validation, so an attacker can use the server as a proxy to reach internal network resources, cloud metadata services (such as the AWS EC2 instance metadata service at 169.254.169.254) or other systems that implicitly trust requests originating from the Tableau Server. The Scope: Changed metric in the CVSS vector reflects exactly this: the confidentiality and integrity impact lands on those downstream systems rather than on Tableau Server alone. The Amazon S3 Connector context suggests that the flaw involves manipulating the S3 bucket URL or endpoint specification the connector uses, redirecting its requests to attacker-controlled or internal targets; the public description does not identify the exact injection point, so a practitioner should treat any user-controllable endpoint, region or bucket setting in the connector as the likely surface.
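The pattern described above, as an added example that is not Tableau Server code and not taken from the vendor advisory: a user-supplied S3 endpoint override used verbatim (the vulnerable shape) beside a hardened validator that enforces an allowlist, refuses credentials and odd ports, and checks every resolved address so that an allowlisted name pointed at internal or link-local space (including 169.254.169.254) is still rejected. The function names, the allowlist suffix, the sample endpoints and the stubbed DNS table are all assumptions made for the demonstration.

```python
"""Added example (not Tableau Server code): a user-supplied S3 endpoint
override handled the vulnerable way, next to a hardened validator.
Function names, the allowlist and the sample inputs are assumptions."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed allowlist: only hosts under these suffixes may serve as S3 endpoints.
ALLOWED_ENDPOINT_SUFFIXES = (".amazonaws.com",)


def build_object_url_unsafe(endpoint: str, bucket: str, key: str) -> str:
    """Vulnerable pattern: whatever endpoint the user typed is used verbatim,
    so "http://169.254.169.254/latest/meta-data" becomes the request target."""
    return f"{endpoint.rstrip('/')}/{bucket}/{key}"


def resolve_host(host: str) -> list:
    """Default resolver: every address the name currently resolves to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, 443)})


def static_resolver(table: dict):
    """Build an offline resolver from a {host: [addr, ...]} table (for demos/tests)."""
    return lambda host: list(table.get(host, []))


def is_public_address(addr: str) -> bool:
    """False for loopback, RFC 1918, link-local (incl. 169.254.169.254), etc."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop an IPv6 zone id if present
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_endpoint(endpoint: str, resolve=resolve_host) -> str:
    """Return a canonical https endpoint or raise ValueError.

    Order matters: syntactic checks first (scheme, credentials, allowlisted
    host, port), then a DNS check on every resolved address so that an
    allowlisted name pointed at an internal address is still refused.
    """
    parts = urlsplit(endpoint)
    if parts.scheme != "https":
        raise ValueError("only https endpoints are permitted")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in the endpoint URL are not permitted")
    host = (parts.hostname or "").lower().rstrip(".")
    if not host.endswith(ALLOWED_ENDPOINT_SUFFIXES):
        raise ValueError(f"{host!r} is not an approved S3 endpoint")
    if parts.port not in (None, 443):
        raise ValueError("non-standard port is not permitted")
    addrs = resolve(host)
    if not addrs:
        raise ValueError(f"{host!r} did not resolve")
    for addr in addrs:
        if not is_public_address(addr):
            raise ValueError(f"{host!r} resolves to non-public address {addr}")
    return f"https://{host}"


def is_allowed_endpoint(endpoint: str, resolve=resolve_host) -> bool:
    """Boolean wrapper around validate_endpoint for callers that only gate."""
    try:
        validate_endpoint(endpoint, resolve)
        return True
    except ValueError:
        return False


def build_object_url_safe(endpoint: str, bucket: str, key: str, resolve=resolve_host) -> str:
    """Hardened pattern: the endpoint is validated before any URL is built."""
    return f"{validate_endpoint(endpoint, resolve)}/{bucket}/{key}"


if __name__ == "__main__":
    # Constructed inputs; DNS is stubbed so the demo runs offline.
    resolve = static_resolver({"s3.us-east-1.amazonaws.com": ["52.216.0.1"],
                               "rebind.amazonaws.com": ["10.0.0.5"]})
    for ep in ("https://s3.us-east-1.amazonaws.com",
               "http://169.254.169.254/latest/meta-data",
               "https://s3.amazonaws.com.attacker.example",
               "https://rebind.amazonaws.com"):
        print(f"{ep:48} unsafe -> {build_object_url_unsafe(ep, 'b', 'k')}")
        print(f"{'':48} safe   -> {is_allowed_endpoint(ep, resolve)}")
```

The resolver is injectable so the check can be exercised without network access; in production the default `resolve_host` is used, and the resolved-address check is what distinguishes a real SSRF guard from a string allowlist alone.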

Affected Products

Tableau Server versions prior to 2025.1.3 in the 2025.1.x branch, prior to 2024.2.12 in the 2024.2.x branch, and prior to 2023.3.19 in the 2023.3.x branch are affected on both Windows and Linux. The vulnerability specifically impacts deployments that use the Amazon S3 Connector modules; release branches not listed here are not addressed by this summary and should be checked against the vendor advisory. Affected products are identified via CPE as cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* across the version ranges above. Complete vendor advisory details are available at https://help.salesforce.com/s/articleView?id=005105043&type=1.

Remediation

Upgrade Tableau Server to 2025.1.3 or later on the 2025.1.x branch, 2024.2.12 or later on the 2024.2.x branch, or 2023.3.19 or later on the 2023.3.x branch, as documented in the Salesforce security advisory at https://help.salesforce.com/s/articleView?id=005105043&type=1. Until patching is completed, restrict Tableau Server's outbound connectivity with allowlist-based egress rules that permit only the S3 endpoints the deployment actually uses and that explicitly deny internal and link-local ranges, including the cloud instance metadata address 169.254.169.254; on AWS, enforcing IMDSv2 on the Tableau hosts further limits what an SSRF can retrieve from the metadata service, because IMDSv2 requires a session token obtained via a PUT request with a custom header, which a simple forged GET cannot supply. Monitor S3 connector usage for anomalous access patterns (endpoints outside the approved set, requests toward private address space, unexpected regions), and restrict user permissions to minimize the pool of authenticated users who could exploit the vulnerability. Review and audit existing S3 connector configurations to ensure they reference only legitimate, organization-controlled S3 buckets and endpoints.
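A fleet check for the upgrade step above, added here as an example and not Tableau or Salesforce tooling: it classifies installed versions against the three fixed releases this page lists, reports the minimum upgrade target on the same branch, and deliberately returns "unknown" for any branch the summary does not mention so that such hosts are checked against the vendor advisory rather than silently treated as fixed. The host names and version strings in the inventory are constructed for illustration.

```python
"""Added example (not Tableau or Salesforce tooling): classify Tableau Server
versions against the fixed releases listed on this page. The inventory below
is constructed; version strings follow the 'YYYY.minor.maintenance' form."""
from typing import Optional

# Minimum fixed release per affected branch, as stated in the advisory summary.
FIXED_BY_BRANCH = {
    (2025, 1): (2025, 1, 3),
    (2024, 2): (2024, 2, 12),
    (2023, 3): (2023, 3, 19),
}


def parse_version(text: str) -> tuple:
    """Parse a 'YYYY.minor.maintenance' string such as '2024.2.11' into ints."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Tableau Server version {text!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> str:
    """'vulnerable', 'fixed', or 'unknown' for branches this page does not list.

    'unknown' is intentional: a branch absent from the summary (for example
    2024.1.x) is neither confirmed safe nor confirmed affected by this page,
    so it must be resolved against the vendor advisory, not assumed fixed.
    """
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is None:
        return "unknown"
    return "vulnerable" if v < fixed else "fixed"


def required_upgrade(version: str) -> Optional[str]:
    """Minimum release on the same branch that closes the issue, if known."""
    fixed = FIXED_BY_BRANCH.get(parse_version(version)[:2])
    return ".".join(map(str, fixed)) if fixed else None


def triage(inventory: dict) -> dict:
    """Group host names by status so the vulnerable set can be acted on first."""
    groups = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        groups[assess(version)].append(host)
    return groups


if __name__ == "__main__":
    # Constructed inventory (in practice collected from each node, e.g. via `tsm version`).
    inventory = {
        "tab-prod-01": "2024.2.9",
        "tab-prod-02": "2024.2.12",
        "tab-dev-01": "2025.1.0",
        "tab-legacy": "2023.3.19",
        "tab-old": "2024.1.7",
    }
    for status, hosts in triage(inventory).items():
        for host in hosts:
            target = required_upgrade(inventory[host])
            action = f"upgrade to {target}" if status == "vulnerable" else ""
            print(f"{host:12} {inventory[host]:10} {status:10} {action}")
```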

Priority Score

41 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +41
POC: 0


CVE-2025-52454 vulnerability details – vuln.today
