CVE-2025-52449
Last modified
CVE-2025-52449 is a high-severity vulnerability rated 8.5/10 on the CVSS scale. Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.. EPSS estimates a 0.25% chance of exploitation in the next 30 days.
Description
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tableau | Tableau Server | < 2023.3.19 |
| Tableau | Tableau Server | >= 2024.2, < 2024.2.12 |
| Tableau | Tableau Server | >= 2025.1, < 2025.1.3 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-52449?
How severe is CVE-2025-52449?
How do I fix CVE-2025-52449?
Are you affected by CVE-2025-52449?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST