Salesforce Tableau Server and Desktop Type Confusion Vulnerability Allowing Local Code Inclusion

Vulnerability

A type confusion vulnerability has been identified in Salesforce Tableau Server and Tableau Desktop on Windows and Linux. It is present in Tableau Server versions prior to 2025.1.3, 2024.2.12, and 2023.3.19, and allows local code inclusion by exploiting incompatible type handling. The issue arises within the File Upload modules of both Tableau Server and Tableau Desktop.

Impact

Exploitation of this vulnerability could lead to local code inclusion, allowing an attacker to execute arbitrary code on the affected system.

Remediation

Users are advised to update Tableau Server and Tableau Desktop to the latest supported versions. Tableau Server updates can be downloaded from the Tableau Server Maintenance Release page.
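
To find hosts that still need the update, the sketch below classifies Tableau Server version strings against the three fixed releases listed above. It is an added example, not code from Salesforce or from this advisory; the host names, the sample inventory, and the treatment of a bare "2024.2" as maintenance release 0 are assumptions.

```python
import re

# Fixed Tableau Server maintenance releases named in the advisory,
# keyed by (year, release) branch.
FIXED = {(2025, 1): 3, (2024, 2): 12, (2023, 3): 19}

# Assumption: versions look like "2024.2.12"; a bare "2024.2" is treated
# as maintenance release 0 of that branch.
_VERSION = re.compile(r"^\s*(\d{4})\.(\d+)(?:\.(\d+))?\s*$")


def classify(version):
    """Return 'vulnerable', 'fixed', 'unlisted' or 'unparsed' for one version string."""
    m = _VERSION.match(version)
    if not m:
        return "unparsed"
    year, release = int(m.group(1)), int(m.group(2))
    maintenance = int(m.group(3) or 0)
    fixed = FIXED.get((year, release))
    if fixed is None:
        # The advisory gives no fixed release for this branch: review by hand.
        return "unlisted"
    # Compare as integers: as strings, "2" would sort after "19".
    return "vulnerable" if maintenance < fixed else "fixed"


def triage(inventory):
    """Group hosts from {host: version} by classification."""
    groups = {}
    for host, version in sorted(inventory.items()):
        groups.setdefault(classify(version), []).append(host)
    return groups


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = {
    "tableau-prod-01": "2024.2.11",
    "tableau-prod-02": "2024.2.12",
    "tableau-dr-01": "2023.3.2",
    "tableau-dev-01": "2025.1",
    "tableau-legacy": "2022.1.5",
    "tableau-lab": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unlisted" are on a branch for which this advisory names no fixed release, so their status has to be confirmed against the vendor's release notes rather than inferred.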

Added: Aug 22, 2025, 9:24 PM
Updated: Aug 22, 2025, 9:24 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 10.0
exploitability: 3.3
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.