PT-2025-30926 · Tableau · Tableau Server
Published: 2025-06-26 · Updated: 2025-10-31 · CVE-2025-52453
CVSS v3.1: 8.2 (High)
| Vector | AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Tableau Server versions prior to 2025.1.3
Tableau Server versions prior to 2024.2.12
Tableau Server versions prior to 2023.3.19
Description
The issue is a Server-Side Request Forgery (SSRF) in the Flow Data Source modules of Tableau Server on Windows and Linux. Successful exploitation allows an attacker to perform Resource Location Spoofing. SSRF occurs when a server-side application fetches a remote resource without validating the provided URL. This can allow an attacker to cause the server to make requests to unintended locations, potentially exposing sensitive data or performing actions on behalf of the server.
Recommendations
Tableau Server versions prior to 2025.1.3 should be updated.
Tableau Server versions prior to 2024.2.12 should be updated.
Tableau Server versions prior to 2023.3.19 should be updated.
Fix
SSRF
Affected Products
Tableau Server