PT-2025-34490 · Salesforce · Tableau Desktop, Tableau Server
Published: 2025-08-22 · Updated: 2025-11-04
CVE-2025-26496
CVSS v3.1: 9.3 (Critical)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Tableau Server and Tableau Desktop versions prior to 2025.1.3
Tableau Server and Tableau Desktop versions prior to 2024.2.12
Tableau Server and Tableau Desktop versions prior to 2023.3.19
Description:
A 'Type Confusion' vulnerability exists in Salesforce Tableau Server and Tableau Desktop on Windows and Linux within the File Upload modules. This vulnerability allows for Local Code Inclusion, potentially enabling attackers to upload malicious files and execute arbitrary code. Approximately 169,926 systems are potentially exposed, as indicated by ZoomEye search results.
Recommendations:
Tableau Server and Tableau Desktop versions prior to 2025.1.3: Upgrade to version 2025.1.3 or later.
Tableau Server and Tableau Desktop versions prior to 2024.2.12: Upgrade to version 2024.2.12 or later.
Tableau Server and Tableau Desktop versions prior to 2023.3.19: Upgrade to version 2023.3.19 or later.
Fix
Type Confusion
Affected Products
Tableau Desktop
Tableau Server