CVE-2025-26494 — Vulnetix

CVE-2025-26494 PUBLISHED CVSS 7.699999809265137 HIGH

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass.This issue affects Tableau Server: from 2023.3 through 2023.3.5.

EPSS 0.05% · 17.1th percentile

Risk Scores

CVSS v3.1

7.699999809265137

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS Score

0.05%

17.1th percentile

Affected Products

Vendor	Product	Versions
tableau	tableau_server	2023.3
Salesforce	Tableau Server	2023.3

Timeline

Feb 11, 2025 Coalition ESS Score
Feb 11, 2025 CVE ID Reserved
Feb 11, 2025 CVE Published
Feb 11, 2025 PoC Published
Feb 11, 2025 PoC Published
Feb 12, 2025 EPSS Score
Feb 19, 2025 CVE Updated
Feb 20, 2025 Coalition ESS Score
Feb 27, 2025 EPSS Score
Mar 4, 2025 Coalition ESS Score
Mar 13, 2025 EPSS Score
Mar 28, 2025 EPSS Score

References

https://help.salesforce.com/s/articleView?id=001534936&type=1 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-26494 advisory

Open in Interactive Console →