Salesforce Tableau Server Resource Location Spoofing Vulnerability via Server-Side Request Forgery

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Salesforce Tableau Server on Windows and Linux, specifically within the Flow Data Source modules. This vulnerability allows for resource location spoofing and is present in Tableau Server versions prior to 2025.1.3, 2024.2.12, and 2023.3.19.

Impact

Exploitation of this vulnerability could lead to resource location spoofing, allowing an attacker to manipulate or intercept requests to certain resources.

Remediation

Users are advised to update Tableau Server to the latest supported Maintenance Release in their branch. This update can be downloaded from the Tableau Server Maintenance Release page. Additionally, customers with a Trino (formerly Presto) driver installed should update their driver to the latest version.

Added: Jul 25, 2025, 7:52 PM
Updated: Jul 25, 2025, 9:28 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.6
exploitability: 7.4
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.