VDB
CVE-2025-26495
CVE-2025-26495
PUBLISHED
CVSS 7.5 HIGH
Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19.
EPSS 0.12% · 30.4th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.12%
30.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| tableau | tableau_server | 2021.3, 2020.4, 2021.2 |
| Salesforce | Tableau Server | 0, 0, 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-26495 (circl-sighting)
- CIRCL seen: CVE-2025-26495 (circl-sighting)
- CIRCL seen: CVE-2025-26495 (circl-sighting)
- https://help.salesforce.com/s/articleView?id=000390611&type=1 (circl)
Timeline
- Feb 11, 2025 Coalition ESS Score
- Feb 11, 2025 CVE ID Reserved
- Feb 11, 2025 CVE Published
- Feb 11, 2025 PoC Published
- Feb 11, 2025 PoC Published
- Feb 11, 2025 PoC Published
- Feb 12, 2025 EPSS Score
- Feb 27, 2025 EPSS Score
- Mar 3, 2025 Coalition ESS Score
- Mar 4, 2025 Coalition ESS Score
- Mar 4, 2025 CVE Updated
- Mar 13, 2025 EPSS Score