CVE-2025-52449: 
Tableau Server vulnerability analysis and mitigation

A critical security vulnerability (CVE-2025-52449) was discovered in Salesforce Tableau Server affecting Windows and Linux systems, specifically in the Extensible Protocol Service modules. The vulnerability was disclosed on July 25, 2025, and affects Tableau Server versions before 2025.1.3, before 2024.2.12, and before 2023.3.19 (NVD, Cybersecurity News).

The vulnerability is classified as an Unrestricted Upload of File with Dangerous Type vulnerability that enables Remote Code Execution (RCE) through alternative execution methods due to deceptive filenames. It has received a CVSS 3.1 base score of 8.5 (High severity), with the following vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N (Cybersecurity News).

If exploited, the vulnerability allows attackers to gain complete system control through remote code execution capabilities. The high CVSS score indicates significant potential impact on system confidentiality and integrity, though availability is not affected (Cybersecurity News).

Salesforce strongly recommends immediate remediation by updating to the latest supported Maintenance Release within the current branch. The fixed versions are 2025.1.3, 2024.2.12, and 2023.3.19. Organizations running unsupported versions should upgrade to compatible supported versions to maintain access to critical security updates (Cybersecurity News).