Primary

Context

Salesforce Tableau Server Absolute Path Traversal Vulnerability

Vulnerability

Patched

A path traversal vulnerability allowing absolute path traversal has been identified in Salesforce Tableau Server. This issue affects versions prior to 2025.1.3, 2024.2.12, and 2023.3.19 on both Windows and Linux. The vulnerability arises from improper limitation of pathnames to restricted directories, specifically in the 'tabdoc api - create-data-source-from-file-upload' modules.

Impact

Exploitation of this vulnerability allows for absolute path traversal, potentially leading to unauthorized access to files on the server.

Remediation

Users are advised to update Tableau Server to the latest supported maintenance release in their branch, available on the Tableau Server Maintenance Release page.

Added: Aug 22, 2025, 9:28 PM

Updated: Aug 22, 2025, 9:28 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Salesforce Tableau Server Absolute Path Traversal Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Salesforce Tableau Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating