CVE-2025-26497

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Tableau Server versions prior to 2025.1.3 Tableau Server versions prior to 2024.2.12 Tableau Server versions prior to 2023.3.19

Description: Tableau Server is susceptible to an unrestricted file upload issue within the Flow Editor modules, potentially leading to absolute path traversal. This allows malicious actors to upload files of dangerous types.

Recommendations: Update Tableau Server to version 2025.1.3 or later. Update Tableau Server to version 2024.2.12 or later. Update Tableau Server to version 2023.3.19 or later.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2025-26497

Affected Products

Tableau Server

CVE-2025-26497

Weakness Enumeration

Related Identifiers

Affected Products

References · 6