Volerion logoVolerion
Volerion logoVolerion

Salesforce Tableau Server Authorization Bypass Vulnerability Allowing Production Database Access

Vulnerability

A vulnerability allowing authorization bypass through user-controlled keys has been identified in Salesforce Tableau Server. This issue affects versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19, on both Windows and Linux platforms, specifically within the tab-doc API modules. The vulnerability allows for interface manipulation, granting unauthorized access to the production database cluster.

Impact

Exploitation of this vulnerability could lead to unauthorized access and manipulation of data in the production database cluster.

Remediation

Users are advised to update Tableau Server to the latest supported maintenance release for their branch. The update can be downloaded from the Tableau Server Maintenance Release page. Additionally, customers with a Trino (formerly Presto) driver installed should update their driver to the latest version.

Added: Jul 25, 2025, 8:04 PM
Updated: Jul 25, 2025, 8:04 PM

Vulnerability Rating

Custom Algorithm
spread
5.0
impact
5.0
exploitability
7.4
remediation
7.7
relevance
0.3
threat
0.0
urgency
2.9
incentive
5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.