Salesforce
CVE-2025-52454
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
AnalysisAI
Salesforce Tableau Server on Windows and Linux allows authenticated attackers with low privileges to conduct Server-Side Request Forgery attacks through the Amazon S3 Connector module, enabling resource location spoofing that could result in unauthorized access to internal systems and data exfiltration. Versions before 2025.1.3, 2024.2.12, and 2023.3.19 are affected. EPSS score of 0.04% (12th percentile) indicates minimal observed exploitation activity, and no public exploit has been identified at time of analysis.
Technical ContextAI
This vulnerability (CWE-918: Server-Side Request Forgery) resides in Tableau Server's Amazon S3 Connector modules across multiple version branches. The affected products are identified via CPE strings as cpe:2.3:a:tableau:tableau_server across Windows and Linux platforms. SSRF vulnerabilities occur when an application fetches remote resources without properly validating user-supplied URLs, allowing attackers to abuse the server as a proxy to access internal network resources, cloud metadata services (such as AWS EC2 instance metadata), or other systems that trust requests originating from the Tableau Server. The Amazon S3 Connector context suggests the flaw enables manipulation of S3 bucket URLs or endpoint specifications to redirect requests to attacker-controlled or internal targets.
RemediationAI
Upgrade Tableau Server to version 2025.1.3 or later for the 2025.1.x branch, version 2024.2.12 or later for the 2024.2.x branch, or version 2023.3.19 or later for the 2023.3.x branch as documented in the Salesforce security advisory at https://help.salesforce.com/s/articleView?id=005105043&type=1. Until patching is completed, implement network segmentation to restrict Tableau Server's outbound connectivity to only required S3 endpoints using allowlist-based firewall rules, monitor S3 connector usage for anomalous access patterns, and restrict user permissions to minimize the pool of authenticated users who could exploit the vulnerability. Review and audit existing S3 connector configurations to ensure they reference only legitimate, organization-controlled S3 buckets.
More in Salesforce
View allCVE-2024-58258 is a Server-Side Request Forgery (SSRF) vulnerability in SugarCRM's API module that exploits limited code
A remote code execution vulnerability (CVSS 9.1). Critical severity with potential for significant impact on affected sy
CVE-2025-43701 is an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards that allows u
CVE-2025-43700 is an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards that allows u
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio's DataMapper component that allows unauthent
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today