Salesforce Tableau Server Absolute Path Traversal Vulnerability

Vulnerability

An absolute path traversal vulnerability has been identified in Salesforce Tableau Server on Windows and Linux. The issue arises from improper input validation in the 'tabdoc api - create-data-source-from-file-upload' modules, which lets attackers traverse directories and access restricted files. The vulnerability affects Tableau Server versions prior to 2025.1.3, 2024.2.12, and 2023.3.19.
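The following is an added illustration of the absolute path traversal bug class in general and of an input check that blocks it under both POSIX and Windows path rules. It is not Tableau Server code, and the advisory does not describe the product's internals. The upload directory, function names and sample inputs are assumptions constructed for the example.

```python
from pathlib import PurePosixPath, PureWindowsPath

# Assumption: uploads are stored under this directory (hypothetical path).
UPLOAD_ROOT = PurePosixPath("/srv/app/uploads")


def is_anchored(name: str) -> bool:
    """True if the name carries a root or drive under POSIX or Windows rules."""
    # .anchor is drive + root, so it also catches "C:file" and "\rooted",
    # which PureWindowsPath.is_absolute() reports as not absolute.
    return bool(PurePosixPath(name).anchor or PureWindowsPath(name).anchor)


def naive_join(name: str) -> PurePosixPath:
    """Unsafe pattern: joining an absolute name discards the base directory."""
    return UPLOAD_ROOT / name


def safe_join(name: str) -> PurePosixPath:
    """Reject anchored or parent-relative names, then join under UPLOAD_ROOT."""
    if not name or "\x00" in name:
        raise ValueError("empty name or NUL byte")
    if is_anchored(name):
        raise ValueError("absolute path rejected")
    parts = PureWindowsPath(name).parts  # splits on both / and \
    if ".." in parts:
        raise ValueError("parent reference rejected")
    return UPLOAD_ROOT.joinpath(*parts)


# Constructed sample inputs, not taken from any real request.
SAMPLES = ["report.csv", "q3/report.csv", "/etc/hostname",
           "C:\\data\\x.csv", "C:x.csv", "\\\\host\\share\\x.csv", "../x.csv"]

if __name__ == "__main__":
    for s in SAMPLES:
        try:
            print(f"{s!r:28} -> {safe_join(s)}")
        except ValueError as e:
            print(f"{s!r:28} -> rejected ({e})")
```

A filter that only strips `..` sequences does not stop this class of input, because an absolute name never needs a parent reference to leave the base directory.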

Impact

Exploitation of this vulnerability allows for absolute path traversal, potentially leading to unauthorized access to files on the server.

Remediation

Users are advised to update Tableau Server to the latest supported maintenance release in their branch, available on the Tableau Server Maintenance Release page.

Added: Aug 22, 2025, 9:20 PM
Updated: Aug 22, 2025, 9:20 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 3.3
exploitability: 7.4
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.