Tableau Server CVE-2025-52446 Authorization Bypass: Brief Summary and Technical Review

A brief summary of CVE-2025-52446, an authorization bypass in Salesforce Tableau Server affecting specific versions. This post covers technical details, affected versions, and vendor security history based on available information.
CVE Analysis

ZeroPath CVE Analysis

2025-07-25

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

Unauthorized access to production database clusters can result in significant data exposure and regulatory risk. CVE-2025-52446 is a high-severity vulnerability in Salesforce Tableau Server that lets an attacker bypass authorization checks by supplying a user-controlled key, with direct impact on data security for organizations that rely on Tableau for analytics.

About Tableau Server and Salesforce: Tableau Server is a leading enterprise analytics and data visualization platform, widely adopted by organizations for business intelligence and reporting. Acquired by Salesforce, Tableau serves thousands of enterprise customers and is a critical component in many data-driven environments. Salesforce is recognized for its rapid response to security issues and its broad impact on the global technology industry.

Technical Information

CVE-2025-52446 is an authorization bypass vulnerability in the tab-doc API modules of Tableau Server. The root cause is insufficient validation of user-controlled keys: identifiers supplied in a request are used to look up and act on resources without confirming that the requesting account is actually authorized for the resource those identifiers name. By changing the key or its associated parameters, an attacker can alter the interface's behavior and reach data that the intended authorization checks should have withheld, including sensitive data in the production database cluster.

The flaw is classified under CWE-639 (Authorization Bypass Through User-Controlled Key). The affected modules do not enforce object-level access control on the user-supplied identifier when processing a request, so a crafted request can return data, or grant privileges, beyond the caller's intended scope. No public code snippets or proof-of-concept details are available for this vulnerability.
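Because no details of the tab-doc modules are public, the following is a generic illustration of the CWE-639 pattern the text describes, added here and not taken from Tableau Server or from the vendor's code. It models a request handler that looks up a document by a caller-supplied key. The first handler trusts the key, so any authenticated user who knows or guesses another user's key reads that user's data; the second ties every key to the caller's permissions before returning anything. The document store, user names, and `idor_probe` helper are constructed for the example.

```python
"""Generic CWE-639 illustration (Authorization Bypass Through User-Controlled Key).

Constructed example, not Tableau Server code: an in-memory document store with a
vulnerable and a hardened read handler. All names and data are made up.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Document:
    doc_id: str
    owner: str
    body: str
    readers: frozenset = field(default_factory=frozenset)


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested key."""


# Constructed sample data: two workbooks owned by different users.
DOCS = {
    "doc-1001": Document("doc-1001", owner="alice", body="alice's sales workbook"),
    "doc-1002": Document("doc-1002", owner="bob", body="bob's HR workbook",
                         readers=frozenset({"carol"})),
}


def get_document_vulnerable(caller: str, doc_id: str) -> str:
    """CWE-639 pattern: the key is resolved but never checked against the caller."""
    doc = DOCS.get(doc_id)
    if doc is None:
        raise KeyError(doc_id)
    # Any authenticated caller who supplies a valid key gets the data.
    return doc.body


def is_authorized(caller: str, doc: Document) -> bool:
    """Object-level rule: owners and explicitly granted readers may read."""
    return caller == doc.owner or caller in doc.readers


def get_document_hardened(caller: str, doc_id: str) -> str:
    """Hardened form: authorization is evaluated on every caller-supplied key."""
    doc = DOCS.get(doc_id)
    # One error for both 'missing' and 'not yours', so the response does not
    # confirm to a probing caller that a guessed key exists.
    if doc is None or not is_authorized(caller, doc):
        raise Forbidden(f"{caller} may not read {doc_id}")
    return doc.body


def idor_probe(handler, caller: str, keys) -> dict:
    """Call a handler with a list of keys as `caller`; return the ones that leaked."""
    leaked = {}
    for key in keys:
        try:
            leaked[key] = handler(caller, key)
        except (Forbidden, KeyError):
            pass
    return leaked


if __name__ == "__main__":
    probe_keys = ["doc-1001", "doc-1002", "doc-9999"]
    print("vulnerable:", idor_probe(get_document_vulnerable, "alice", probe_keys))
    print("hardened:  ", idor_probe(get_document_hardened, "alice", probe_keys))
```

The point of `idor_probe` is the test a reviewer or pentester applies to any endpoint that takes an object identifier: call it as a low-privilege user with keys belonging to someone else and see what comes back. The vulnerable handler leaks `doc-1002` to `alice`; the hardened one returns only her own workbook and answers the other keys with the same error.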

Affected Systems and Versions

  • Tableau Server on Windows and Linux
  • Affected versions:
    • All versions before 2025.1.3
    • All versions before 2024.2.12
    • All versions before 2023.3.19
  • Vulnerable component: tab-doc API modules
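To turn the version list above into a check an administrator can run against an installed server, here is an added example (not vendor tooling) that compares a Tableau Server version string with the fixed release of its maintenance branch. It assumes the string contains a MAJOR.MINOR.PATCH version such as `2024.2.10`, as found in `tsm version` output; trailing build information is ignored. Branches the advisory does not list (for example 2024.1) are reported as `unlisted` rather than guessed at, since the page gives fixed releases only for 2025.1, 2024.2 and 2023.3.

```python
"""Classify a Tableau Server version against the CVE-2025-52446 affected ranges.

Added example, not vendor tooling. Fixed releases come from the advisory text:
before 2025.1.3, before 2024.2.12 and before 2023.3.19 are affected.
"""
import re
from typing import Optional, Tuple

# Fixed release per maintenance branch, keyed by (year, minor).
FIXED_VERSIONS = {
    (2025, 1): (2025, 1, 3),
    (2024, 2): (2024, 2, 12),
    (2023, 3): (2023, 3, 19),
}

# A four-digit year, minor and patch; the lookbehind stops the regex from
# matching inside a longer build number such as "20251.25.0512.1234".
_VERSION_RE = re.compile(r"(?<!\d)(\d{4})\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract the first MAJOR.MINOR.PATCH triple from text, or None if absent."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    year, minor, patch = (int(x) for x in m.groups())
    return (year, minor, patch)


def assess(version_text: str) -> str:
    """Return 'vulnerable', 'fixed', 'unlisted' or 'unparseable' for a version string."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        # Branch not covered by the advisory's list; check the vendor bulletin.
        return "unlisted"
    return "vulnerable" if version < fixed else "fixed"


if __name__ == "__main__":
    # Constructed sample strings in the shape of `tsm version` output.
    for sample in ("Tableau Server 2024.2.10 (20242.24.1010.0001)",
                   "2025.1.3", "2023.3.18", "2024.1.7", "not a version"):
        print(f"{sample!r}: {assess(sample)}")
```

The comparison is tuple-based, so `2024.2.10` sorts before `2024.2.12` correctly where a string comparison would not. Feeding the script the raw `tsm version` line avoids hand-copying the number and keeps the build suffix from confusing the check.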

Vendor Security History

Salesforce, as the parent company of Tableau, has a track record of addressing security issues promptly. Previous vulnerabilities in Tableau Server include:

  • CVE-2025-26494: SSRF-enabled authentication bypass
  • CVE-2025-43698: Field-level security bypass

Salesforce typically releases patches and advisories quickly for critical vulnerabilities and provides detailed remediation guidance to customers.
