Introduction
Unauthorized access to production database clusters can result in significant data exposure and regulatory risk. CVE-2025-52446 is a high-severity vulnerability in Salesforce Tableau Server that allows attackers to bypass authorization controls using user-controlled keys, with direct impact on data security for organizations relying on Tableau for analytics.
About Tableau Server and Salesforce: Tableau Server is a leading enterprise analytics and data visualization platform, widely adopted by organizations for business intelligence and reporting. Acquired by Salesforce, Tableau serves thousands of enterprise customers and is a critical component in many data-driven environments. Salesforce is recognized for its rapid response to security issues and its broad impact on the global technology industry.
Technical Information
CVE-2025-52446 is an authorization bypass vulnerability in the tab-doc API modules of Tableau Server. The vulnerability is rooted in insufficient validation of user-controlled keys. Attackers can manipulate these keys or associated parameters to alter the API's behavior, bypassing intended authorization checks. This can result in unauthorized access to sensitive data within the production database cluster.
The flaw is classified under CWE-639 (Authorization Bypass Through User-Controlled Key). The affected modules fail to properly enforce access controls when processing user-supplied input, enabling attackers to craft requests that grant them privileges or data access beyond their intended scope. No public code snippets or proof-of-concept details are available for this vulnerability.
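The general shape of a CWE-639 flaw, and of its fix, is easier to see in code than in prose. The following is an added example and not Tableau Server code: the tab-doc modules are not public and no proof of concept exists, so it uses a constructed in-memory document store and a hypothetical `get_document` handler. The vulnerable variant authenticates the caller and then trusts the caller-supplied key outright; the fixed variant authorizes the (caller, key) pair before returning anything.

```python
"""Illustration of CWE-639 (Authorization Bypass Through User-Controlled Key).

Added example, not Tableau Server code. The document store, the user names
and the get_document_* handlers are all constructed for this illustration.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller is not permitted to read the requested document."""


@dataclass
class Document:
    doc_id: str
    owner: str
    body: str
    shared_with: set = field(default_factory=set)


# Constructed sample data: two owners, one document shared with a third user.
DOCS = {
    "d-100": Document("d-100", "alice", "Q3 revenue by region"),
    "d-200": Document("d-200", "bob", "Payroll export", shared_with={"carol"}),
}


def can_read(caller: str, doc_id: str) -> bool:
    """The authorization predicate the vulnerable handler is missing.

    A caller may read a document only if they own it or it is shared with them.
    """
    doc = DOCS.get(doc_id)
    if doc is None:
        return False
    return doc.owner == caller or caller in doc.shared_with


def get_document_vulnerable(caller: str, doc_id: str) -> str:
    """Authenticates the caller, then trusts the user-supplied key (CWE-639).

    Any logged-in user who can guess or enumerate a doc_id reads any document:
    authentication happened, authorization did not.
    """
    if not caller:
        raise Forbidden("login required")
    return DOCS[doc_id].body  # no check that this caller may read this key


def get_document_fixed(caller: str, doc_id: str) -> str:
    """Authorizes the (caller, key) pair before returning the object."""
    if not caller:
        raise Forbidden("login required")
    # Deny "missing" and "not yours" with the same error so the response does
    # not reveal whether a guessed key exists.
    if not can_read(caller, doc_id):
        raise Forbidden("not authorized")
    return DOCS[doc_id].body


if __name__ == "__main__":
    # alice owns d-100 only; the vulnerable handler still hands her d-200.
    print(get_document_vulnerable("alice", "d-200"))
    try:
        get_document_fixed("alice", "d-200")
    except Forbidden as exc:
        print("fixed handler:", exc)
```

The detection angle follows directly from the predicate: a server-side log that records caller, requested key and the result of `can_read` makes cross-tenant reads visible as a spike of denials (or, before the fix, of successful reads of keys the caller never created or was granted).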
Affected Systems and Versions
- Tableau Server on Windows and Linux
- Affected versions:
  - All versions before 2025.1.3
  - All versions before 2024.2.12
  - All versions before 2023.3.19
- Vulnerable component: tab-doc API modules
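Three "before" thresholds on three release branches is the kind of list that inventory scripts get wrong by comparing version strings as flat numbers. The helper below is an added triage example, not a Salesforce or Tableau tool. It assumes Tableau Server version strings of the form `YEAR.MINOR.PATCH` (for example `2024.2.11`) and reads the advisory's three lines as per-branch fix levels; a version on a branch the advisory does not list is reported as `unlisted-branch` rather than silently marked safe, which is an assumption about how to handle that gap, not something the advisory states.

```python
"""Branch-aware triage of Tableau Server versions against CVE-2025-52446.

Added example, not vendor code. Fix levels are taken from the advisory text;
the version-string format and the 'unlisted-branch' handling are assumptions.
"""

# (year, minor) branch -> first fixed (year, minor, patch) on that branch.
FIXED = {
    (2025, 1): (2025, 1, 3),
    (2024, 2): (2024, 2, 12),
    (2023, 3): (2023, 3, 19),
}


def parse_version(version: str) -> tuple:
    """Parse 'YEAR.MINOR.PATCH' into an integer tuple; reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized version format: {version!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unlisted-branch' for one version."""
    year, minor, patch = parse_version(version)
    fix = FIXED.get((year, minor))
    if fix is None:
        # Not one of the three branches the advisory names; do not assume safe.
        return "unlisted-branch"
    # Tuple comparison is element-wise, so 2024.2.9 < 2024.2.12 compares
    # correctly even though '9' > '1' as strings.
    return "vulnerable" if (year, minor, patch) < fix else "fixed"


def triage(versions) -> dict:
    """Assess a batch of versions, e.g. one per Tableau Server node."""
    return {v: assess(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory.
    for v, status in triage(["2025.1.2", "2025.1.3", "2024.2.9",
                             "2024.2.12", "2023.3.19", "2024.1.7"]).items():
        print(f"{v:>10}  {status}")
```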
Vendor Security History
Salesforce, as the parent company of Tableau, has a track record of addressing security issues promptly. Previous vulnerabilities in Tableau Server include:
- CVE-2025-26494: SSRF-enabled authentication bypass
- CVE-2025-43698: Field-level security bypass
Salesforce typically releases patches and advisories quickly for critical vulnerabilities and provides detailed remediation guidance to customers.