Salesforce Tableau Server Absolute Path Traversal Vulnerability via Unrestricted File Upload

Vulnerability

A vulnerability allowing unrestricted upload of files with dangerous types has been identified in Salesforce Tableau Server. This issue, present in versions prior to 2025.1.3, 2024.2.12, and 2023.3.19, affects both Windows and Linux platforms, specifically within the Flow Editor modules. The vulnerability allows absolute path traversal, potentially leading to unauthorized access or manipulation of files on the server.

Impact

Exploitation of this vulnerability could result in absolute path traversal, allowing attackers to access or modify files outside of the intended directory restrictions.
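The general mechanism behind absolute path traversal in upload handling, on both Linux and Windows path syntax, as an added illustration. This is not Tableau Server code and says nothing about its internals; the function names, the upload directory and the extension allowlist are assumptions made for the example.

```python
import ntpath
import posixpath

UPLOAD_ROOT = "/srv/app/uploads"          # assumed upload directory
ALLOWED_EXT = {".csv", ".json", ".txt"}   # assumed allowlist of safe file types


def naive_target(name, root=UPLOAD_ROOT, flavor=posixpath):
    """Weak form: join() silently discards root when name is absolute."""
    return flavor.join(root, name)


def safe_target(name, root=UPLOAD_ROOT):
    """Hardened form: return a path inside root or raise ValueError."""
    # Reject absolute names in POSIX and Windows syntax (leading slash, drive, UNC).
    if posixpath.isabs(name) or ntpath.isabs(name) or ntpath.splitdrive(name)[0]:
        raise ValueError("absolute path in upload name")
    # Treat both separators alike, then refuse any directory component.
    flat = name.replace("\\", "/")
    if "/" in flat or flat in ("", ".", "..") or "\x00" in flat:
        raise ValueError("directory component in upload name")
    # Dangerous-type control: allowlist on the final extension.
    if posixpath.splitext(flat)[1].lower() not in ALLOWED_EXT:
        raise ValueError("file type not allowed")
    target = posixpath.normpath(posixpath.join(root, flat))
    # Defence in depth: the resolved target must still sit under root.
    if posixpath.commonpath([root, target]) != root:
        raise ValueError("target escapes upload root")
    return target


if __name__ == "__main__":
    # Constructed sample names, not taken from any real incident.
    samples = ["report.csv", "/etc/cron.d/job", r"C:\Windows\Temp\x.csv", "page.jsp"]
    for sample in samples:
        try:
            print(f"{sample!r}: accepted as {safe_target(sample)}")
        except ValueError as err:
            print(f"{sample!r}: rejected ({err}); naive join gives {naive_target(sample)!r}")
```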

Remediation

Users are advised to update Tableau Server to the latest supported maintenance release in their branch, available on the Tableau Server Maintenance Release page.

Added: Aug 22, 2025, 9:23 PM
Updated: Aug 22, 2025, 9:23 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 2.5
exploitability: 6.4
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.