VDB
CVE-2025-52449
CVE-2025-52449
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
EPSS 0.09% · 25.0th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.09%
25.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Salesforce | Tableau Server | 0, 0, 0 |
| tableau | tableau_server | 0, 2024.2, 2025.1 |
Timeline
- Jul 25, 2025 CVE Published
- Jul 26, 2025 EPSS Score
- Aug 4, 2025 EPSS Score
- Aug 13, 2025 EPSS Score
- Aug 22, 2025 EPSS Score
- Aug 31, 2025 EPSS Score
- Sep 8, 2025 EPSS Score
- Sep 17, 2025 EPSS Score
- Sep 26, 2025 EPSS Score
- Oct 5, 2025 EPSS Score
- Oct 14, 2025 EPSS Score
- Oct 23, 2025 EPSS Score