Primary

Context

Salesforce Tableau Server Server-Side Request Forgery Vulnerability in Amazon S3 Connector Modules

Vulnerability

Patched

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Salesforce Tableau Server on both Windows and Linux platforms, specifically within the Amazon S3 Connector modules. This vulnerability allows for Resource Location Spoofing. Affected Tableau Server versions include those prior to 2025.1.3, 2024.2.12, and 2023.3.19.

Impact

Exploitation of this vulnerability allows for Server-Side Request Forgery, with the potential for Resource Location Spoofing.

Remediation

Users are advised to update Tableau Server to the latest supported Maintenance Release in their branch. This update can be downloaded from the Tableau Server Maintenance Release page. Additionally, customers with a Trino (formerly Presto) driver installed should update their driver to the latest version.

Added: Jul 25, 2025, 7:50 PM

Updated: Jul 25, 2025, 9:26 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Salesforce Tableau Server Server-Side Request Forgery Vulnerability in Amazon S3 Connector Modules

Vulnerability

Impact

Remediation

Affected Products

Salesforce Tableau Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating