
CVE-2025-52450: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Salesforce Tableau Server

Unknown
Tags: Vulnerability, CVE-2025-52450, cve, cwe-22
Published: Fri Aug 22 2025 (08/22/2025, 20:18:19 UTC)
Source: CVE Database V5
Vendor/Project: Salesforce
Product: Tableau Server

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

AI-Powered Analysis

Last updated: 08/22/2025, 20:47:59 UTC

Technical Analysis

CVE-2025-52450 is a path traversal vulnerability (CWE-22) identified in Salesforce Tableau Server, specifically affecting the abdoc api's create-data-source-from-file-upload modules on Windows and Linux platforms. The vulnerability is an absolute path traversal: a pathname supplied to the file-upload endpoint is not confined to the intended restricted directory, so an attacker can direct the server to files and directories elsewhere on its filesystem. The root cause is improper limitation or validation of pathname inputs, which enables unauthorized access to arbitrary files the server process can reach. The affected versions include all Tableau Server releases prior to 2025.1.3, 2024.2.12, and 2023.3.19. Since Tableau Server is widely used for business intelligence and data visualization, unauthorized file access could expose sensitive configuration files, credentials, or other critical data. Although no known exploits are currently reported in the wild, the vulnerability's nature makes it a significant risk if weaponized. The lack of a CVSS score means severity must be assessed by an analyst from the vulnerability's characteristics and potential impact.

Potential Impact

For European organizations, this vulnerability poses a substantial risk to confidentiality and integrity of sensitive business data. Tableau Server often hosts critical analytics and data sources that support decision-making processes. Exploitation could lead to unauthorized disclosure of confidential data, including personally identifiable information (PII), financial records, or proprietary business intelligence. Additionally, attackers might modify or delete files, impacting data integrity and availability of Tableau services. Given the GDPR regulatory environment in Europe, any data breach resulting from this vulnerability could lead to significant legal and financial penalties. The vulnerability's exploitation could also undermine trust in data governance and analytics platforms, affecting operational continuity and competitive advantage.

Mitigation Recommendations

European organizations should prioritize upgrading Tableau Server to versions 2025.1.3, 2024.2.12, or 2023.3.19 or later, where this vulnerability is addressed. In environments where immediate patching is not feasible, organizations should implement strict input validation and sanitization on file upload endpoints: because this issue is an absolute path traversal, path inputs should be rejected when they are absolute (a leading '/' or '\', or a Windows drive letter) as well as when they contain traversal sequences (e.g., '..\' or '../'), and the resolved path should be checked to lie inside the upload directory. Employing application-layer firewalls or web application firewalls (WAFs) with custom rules to detect and block path traversal attempts can provide additional protection. Regularly audit and monitor server file access logs for unusual activity indicative of exploitation attempts. Restrict Tableau Server file system permissions to the minimum necessary, ensuring the server process cannot access sensitive directories outside its scope. Finally, conduct thorough security testing and vulnerability scanning focused on file upload functionalities to identify and remediate similar issues proactively.
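As an added illustration of the validation described above (example code written for this page, not Tableau's own implementation), the following Python check rejects absolute paths in both POSIX and Windows form, rejects relative traversal, and then re-verifies containment after canonicalisation. The base directory and filenames are constructed sample values.

```python
import os
import re
from pathlib import PureWindowsPath


class PathTraversalError(ValueError):
    """Raised when an upload filename would escape the upload directory."""


# Split on both separator styles so a Windows-style payload is not treated
# as one odd filename on Linux (and vice versa).
_SEPARATORS = re.compile(r"[\\/]+")


def is_absolute_path(user_path: str) -> bool:
    """True for rooted, UNC, drive-absolute and drive-relative ('C:x') paths."""
    if user_path.startswith(("/", "\\")):
        return True
    win = PureWindowsPath(user_path)
    return win.is_absolute() or bool(win.drive)


def safe_upload_path(base_dir: str, user_path: str) -> str:
    """Return the filesystem path for user_path inside base_dir, or raise."""
    if not user_path or "\x00" in user_path:
        raise PathTraversalError("empty or NUL-containing path")
    if is_absolute_path(user_path):
        raise PathTraversalError(f"absolute path rejected: {user_path!r}")
    parts = [p for p in _SEPARATORS.split(user_path) if p not in ("", ".")]
    if not parts or ".." in parts:
        raise PathTraversalError(f"traversal or empty path rejected: {user_path!r}")
    # Defence in depth: canonicalise (symlinks included) and re-check
    # containment rather than trusting the lexical checks alone.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, *parts))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"resolved outside base: {candidate!r}")
    return candidate


def is_rejected(base_dir: str, user_path: str) -> bool:
    """True if safe_upload_path refuses user_path (convenience for checks)."""
    try:
        safe_upload_path(base_dir, user_path)
    except PathTraversalError:
        return True
    return False


if __name__ == "__main__":
    base = "/srv/tableau/uploads"  # constructed sample base directory
    for sample in ("reports/q3.csv", "/etc/passwd", "C:\\Windows\\win.ini",
                   "..\\..\\secrets.yml", "C:data.csv"):
        print(f"{sample!r:28} rejected={is_rejected(base, sample)}")
```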


Technical Details

Data Version: 5.1
Assigner Short Name: Salesforce
Date Reserved: 2025-06-16T20:18:48.946Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68a8d3f1ad5a09ad002249dd

Added to database: 8/22/2025, 8:32:49 PM

Last enriched: 8/22/2025, 8:47:59 PM

Last updated: 8/23/2025, 2:08:01 AM
