CVE-2025-52447

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Tableau Server versions prior to 2025.1.3 Tableau Server versions prior to 2024.2.12 Tableau Server versions prior to 2023.3.19

Description An authorization bypass issue exists in Salesforce Tableau Server on Windows and Linux, specifically related to the set-initial-sql tabdoc command modules. This allows for interface manipulation, potentially granting data access to the production database cluster through a user-controlled key.

Recommendations Update Tableau Server to version 2025.1.3 or later. Update Tableau Server to version 2024.2.12 or later. Update Tableau Server to version 2023.3.19 or later.

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

BDU:2025-09771

CVE-2025-52447

Affected Products

Tableau Server

CVE-2025-52447

Weakness Enumeration

Related Identifiers

Affected Products

References · 9