CVE-2025-52454 (Salesforce Tableau Server on Windows and Linux)
Severity: HIGH
CVSS vector (NVD): CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Description (NVD)
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
Analysis (AI)
Salesforce Tableau Server on Windows and Linux allows an authenticated attacker with low privileges to perform Server-Side Request Forgery through the Amazon S3 Connector module. By spoofing the resource location the connector fetches, the attacker makes the Tableau Server issue requests on their behalf, which can expose internal systems and enable data exfiltration. The NVD vector rates attack complexity as high and scope as changed, with high confidentiality and integrity impact and no availability impact. Versions before 2025.1.3, 2024.2.12 and 2023.3.19 are affected. The EPSS score of 0.04% (12th percentile) indicates minimal observed exploitation activity, and no public exploit had been identified at the time of analysis.
Technical Context (AI)
This vulnerability (CWE-918: Server-Side Request Forgery) resides in Tableau Server's Amazon S3 Connector modules across multiple version branches. The affected product is identified by the CPE string cpe:2.3:a:tableau:tableau_server on both Windows and Linux. SSRF occurs when an application fetches a remote resource from a user-influenced URL without validating it, so the attacker can use the server as a proxy to reach internal network resources, cloud metadata services (such as the AWS EC2 instance metadata service at 169.254.169.254), or any system that trusts requests originating from the Tableau Server's network position and credentials. In the S3 Connector context the flaw most plausibly lets a user manipulate the bucket URL or endpoint specification so that the connector's request is redirected to an attacker-controlled or internal target. One practical caveat: what a metadata request yields depends on the hosting configuration. On EC2, IMDSv2 requires a session token obtained with a PUT request, so a GET-only SSRF primitive cannot retrieve credentials from it, whereas IMDSv1 answers plain GETs.
Remediation (AI)
Upgrade Tableau Server to 2025.1.3 or later on the 2025.1.x branch, 2024.2.12 or later on the 2024.2.x branch, or 2023.3.19 or later on the 2023.3.x branch, as documented in the Salesforce security advisory at https://help.salesforce.com/s/articleView?id=005105043&type=1. Until patching is complete: restrict the Tableau Server's outbound connectivity to the required S3 endpoints with allowlist-based egress firewall rules (and explicitly block 169.254.169.254 and internal address ranges from the Tableau host); on EC2-hosted deployments, enforce IMDSv2 (HttpTokens=required) with a hop limit of 1; monitor S3 connector usage for anomalous endpoints or access patterns; and limit the pool of authenticated users who can configure or use the connector. Review and audit existing S3 connector configurations to ensure they reference only legitimate, organization-controlled S3 endpoints and buckets.
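The following is an added example, written for this page and not taken from Tableau or Salesforce, that shows what the allowlist control described in the Technical Context and Remediation sections looks like in code: a validator for S3 connector endpoint URLs that only admits https, AWS S3 hostnames (or explicitly configured organization-controlled S3-compatible hosts), the default port, and optionally only organization-owned buckets, and an audit routine that runs it over connector configurations. The endpoint strings, the host minio.internal.example.com, the bucket names and the config records are all constructed sample data; the actual Tableau configuration format is not shown here.

```python
"""Allowlist validation for S3 connector endpoints (added example, not Tableau code).

The connector should only ever talk to S3: https, an AWS S3 hostname (or an
explicitly configured organization-controlled endpoint), the default port and,
optionally, only buckets the organization owns.  Anything else is rejected
before a request is made, which closes the SSRF pivot to 169.254.169.254,
private address ranges and attacker-controlled servers.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# s3.amazonaws.com, s3.<region>.amazonaws.com, s3-<region>.amazonaws.com and
# s3.dualstack.<region>.amazonaws.com, optionally prefixed by a bucket label.
# Anchored at both ends so "s3.amazonaws.com.evil.example" does not match.
_AWS_S3_HOST = re.compile(
    r"^(?:[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]\.)?"   # optional bucket label(s)
    r"s3(?:[.-][a-z0-9-]+)*\.amazonaws\.com$"
)


class EndpointRejected(ValueError):
    """Raised when an endpoint URL fails the allowlist."""


def _bucket_from(host, path, aws_host):
    """Bucket label from a virtual-hosted AWS URL, else the first path segment."""
    if aws_host:
        m = re.match(r"^(.+?)\.s3[.-]", host)
        if m:
            return m.group(1)
    first = path.strip("/").split("/", 1)[0]
    return first or None


def validate_s3_endpoint(url, extra_allowed_hosts=(), owned_buckets=None):
    """Return the canonical https URL, or raise EndpointRejected.

    extra_allowed_hosts: hypothetical organization-controlled S3-compatible hosts.
    owned_buckets: if given, the bucket named by the URL must be in this set.
    """
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise EndpointRejected(f"scheme {parts.scheme!r} not allowed")
    # "https://s3.amazonaws.com@10.0.0.5/" parses with the real host after '@'.
    if parts.username is not None or parts.password is not None:
        raise EndpointRejected("userinfo in endpoint URL")
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        raise EndpointRejected("empty host")
    try:
        port = parts.port
    except ValueError:
        raise EndpointRejected("malformed port")
    if port not in (None, 443):
        raise EndpointRejected(f"port {port} not allowed")
    # Defense in depth: an S3 endpoint is never an IP literal, so any IP
    # (metadata service, loopback, private ranges) is refused outright.
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        raise EndpointRejected(f"IP literal {ip} not allowed")
    # The allowlist is the primary control; the checks above only harden it.
    aws_host = _AWS_S3_HOST.match(host) is not None
    if not aws_host and host not in {h.lower() for h in extra_allowed_hosts}:
        raise EndpointRejected(f"host {host!r} is not an allowlisted S3 endpoint")
    if owned_buckets is not None:
        bucket = _bucket_from(host, parts.path, aws_host)
        if bucket not in owned_buckets:
            raise EndpointRejected(f"bucket {bucket!r} is not organization-owned")
    return f"https://{host}{parts.path}"


def audit_connector_configs(configs, extra_allowed_hosts=(), owned_buckets=None):
    """Map each connector name to "ok" or "REJECT: <reason>"."""
    results = {}
    for cfg in configs:
        try:
            validate_s3_endpoint(cfg["endpoint"], extra_allowed_hosts, owned_buckets)
            results[cfg["name"]] = "ok"
        except EndpointRejected as exc:
            results[cfg["name"]] = f"REJECT: {exc}"
    return results


# Constructed sample data for the audit; not real Tableau connector configuration.
SAMPLE_CONFIGS = [
    {"name": "sales-reports", "endpoint": "https://sales-reports.s3.us-east-1.amazonaws.com/"},
    {"name": "legacy-path-style", "endpoint": "https://s3-us-west-2.amazonaws.com/finance-exports/"},
    {"name": "on-prem-store", "endpoint": "https://minio.internal.example.com/finance-exports/"},
    {"name": "metadata-probe", "endpoint": "http://169.254.169.254/latest/meta-data/"},
    {"name": "userinfo-trick", "endpoint": "https://s3.amazonaws.com@10.0.0.5/"},
    {"name": "lookalike", "endpoint": "https://s3.amazonaws.com.evil.example/sales-reports/"},
    {"name": "foreign-bucket", "endpoint": "https://attacker-drop.s3.amazonaws.com/"},
]
OWNED_BUCKETS = {"sales-reports", "finance-exports"}          # assumed inventory
EXTRA_HOSTS = ("minio.internal.example.com",)                 # assumed on-prem endpoint

if __name__ == "__main__":
    for name, verdict in audit_connector_configs(SAMPLE_CONFIGS, EXTRA_HOSTS, OWNED_BUCKETS).items():
        print(f"{name:18s} {verdict}")
```

The ordering matters: userinfo and scheme are rejected before the host is examined, because `host@target` and `http://` forms are exactly how a spoofed location slips past a naive substring check for `amazonaws.com`. The bucket-ownership check is what turns a "reach only S3" rule into "reach only our S3"; without it an attacker can still point the connector at a bucket they control, which is the resource location spoofing the advisory describes even though the network pivot is closed.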