VDB

CVE-2025-52449

CVE-2025-52449 PUBLISHED CVSS 9.300000190734863 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

EPSS 0.09% · 25.0th percentile

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.09%
25.0th percentile

Affected Products

VendorProductVersions
SalesforceTableau Server0, 0, 0
tableautableau_server0, 2024.2, 2025.1

Timeline

  • Jul 25, 2025 CVE Published
  • Jul 26, 2025 EPSS Score
  • Aug 4, 2025 EPSS Score
  • Aug 13, 2025 EPSS Score
  • Aug 22, 2025 EPSS Score
  • Aug 31, 2025 EPSS Score
  • Sep 8, 2025 EPSS Score
  • Sep 17, 2025 EPSS Score
  • Sep 26, 2025 EPSS Score
  • Oct 5, 2025 EPSS Score
  • Oct 14, 2025 EPSS Score
  • Oct 23, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›