CVE-2025-52451: 
Tableau Server vulnerability analysis and mitigation

Improper Input Validation vulnerability (CVE-2025-52451) affects Salesforce Tableau Server on Windows and Linux platforms, specifically in the tabdoc API's create-data-source-from-file-upload modules. The vulnerability was disclosed on August 22, 2025, and impacts Tableau Server versions before 2025.1.3, before 2024.2.12, and before 2023.3.19. The vulnerability has been assigned a CVSS v3.1 base score of 8.5 (High) (NVD, GBHackers).

The vulnerability is classified as an Improper Input Validation (CWE-20) issue that allows Absolute Path Traversal. The CVSS v3.1 vector string is AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N, indicating adjacent network attack vector, low attack complexity, no privileges required, user interaction required, changed scope, and high impact on confidentiality and integrity with no impact on availability (NVD).

The vulnerability could allow attackers to perform absolute path traversal through improper input validation in the file upload functionality. This could potentially lead to unauthorized access to files and directories outside the intended scope, affecting both confidentiality and integrity of the system (GBHackers).

Salesforce has addressed this vulnerability in the following versions: Tableau Server 2025.1.3, 2024.2.12, and 2023.3.19. Organizations are strongly advised to upgrade to these or later versions to mitigate the vulnerability. The fixes were included in maintenance releases published on July 22, 2025 (GBHackers).