Primary

Context

Salesforce Tableau Server Absolute Path Traversal Vulnerability

Vulnerability

Patched

A path traversal vulnerability allowing absolute path traversal has been identified in Salesforce Tableau Server. This issue affects versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19, on both Windows and Linux platforms, specifically within the tabdoc API's duplicate-data-source modules.

Impact

Exploitation of this vulnerability allows for absolute path traversal, potentially leading to unauthorized access to files and directories on the server.

Remediation

Users are advised to update Tableau Server to the latest supported maintenance release for their branch. The latest version can be downloaded from the Tableau Server Maintenance Release page. Additionally, customers with a Trino driver installed should update to the latest version.

Added: Jul 25, 2025, 7:54 PM

Updated: Jul 25, 2025, 9:31 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.8

exploitability

7.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.8

exploitability

7.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Salesforce Tableau Server Absolute Path Traversal Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Salesforce Tableau Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating