CVE-2025-52452: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Salesforce Tableau Server
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - duplicate-data-source modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
AI Analysis
Technical Summary
CVE-2025-52452 is a path traversal vulnerability (CWE-22) in Salesforce Tableau Server, located in the duplicate-data-source modules of the tabdoc API and affecting both Windows and Linux deployments. The advisory classifies it as absolute path traversal: the server does not adequately validate the file path it derives from user-supplied input, so a caller can supply a fully qualified path (one beginning with a slash on Linux, or with a drive letter, a rooted backslash or a UNC prefix on Windows) instead of a name relative to the intended directory, and the module then operates on a file outside that directory. This can give unauthorized access to sensitive files on the server's filesystem. The advisory does not say whether the affected operation reads, writes or copies the file, nor what authentication the caller needs, so the exact reach of the flaw should be treated as unconfirmed until Salesforce publishes more detail. The affected versions are all Tableau Server releases before 2025.1.3, 2024.2.12 and 2023.3.19, so three maintained release branches are impacted. No CVSS score has been assigned, and no exploitation in the wild is known at the time of publication. Path traversal bugs are nonetheless treated as serious: depending on what the server process can reach, they expose configuration files, credentials or data extracts, and that material can enable further compromise or privilege escalation. Tableau Server is widely deployed as an enterprise analytics platform, so the business intelligence data it holds and the secrets in its configuration are attractive targets, and both the confidentiality and the integrity of organizational data are at stake.
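The following is an added example, not Tableau Server code and not taken from the advisory. It models a hypothetical duplicate-data-source handler that takes a file name from the request, shows why joining that value onto a base directory is not enough when the value is absolute (the variant named in the advisory), and runs one containment check under both POSIX and Windows path rules. The base directories and the data-source file names are assumptions for illustration.

```python
"""Added illustration of the absolute-path-traversal pattern (CWE-22).

Not Tableau Server code. A hypothetical 'duplicate data source' handler
copies a data-source file whose name comes from the request; the naive
join below is the behaviour class the advisory describes, the hardened
check is what should have run first.
"""
from pathlib import PurePosixPath, PureWindowsPath

# Hypothetical base directories (assumptions, not Tableau's real layout).
POSIX_ROOT = "/var/opt/tableau/datasources"
WINDOWS_ROOT = r"C:\ProgramData\Tableau\datasources"


def resolve_vulnerable(base: str, user_path: str, windows: bool = False) -> str:
    """Naive join. Like os.path.join, pathlib's '/' operator discards the
    base as soon as the right-hand operand is absolute, so a request that
    names '/etc/passwd' or 'C:\\Windows\\win.ini' resolves outside the
    data-source directory without any '..' sequence being involved."""
    flavour = PureWindowsPath if windows else PurePosixPath
    return str(flavour(base) / user_path)


def reject_reason(user_path: str, windows: bool = False) -> str:
    """Return '' if user_path is a plain relative path that stays under its
    base, otherwise a short reason. Must run on the fully decoded value
    (after URL/percent decoding), never on the raw request bytes."""
    flavour = PureWindowsPath if windows else PurePosixPath
    candidate = flavour(user_path)
    if "\x00" in user_path:
        return "NUL byte"
    if not candidate.parts:
        return "empty path"
    # .anchor is non-empty for '/x', 'C:\\x', 'C:x' (drive-relative),
    # '\\x' (rooted, no drive) and '\\\\server\\share\\x' (UNC), so it
    # catches every absolute form on both platforms, including the ones
    # that is_absolute() reports as False on Windows.
    if candidate.anchor:
        return "absolute or anchored path: %r" % candidate.anchor
    if ".." in candidate.parts:
        return "parent-directory component"
    return ""


def safe_resolve(base: str, user_path: str, windows: bool = False) -> str:
    """Join only after reject_reason() passed; with no anchor and no '..'
    the result is lexically inside base. Symlinks are a separate concern:
    resolve the real path on disk and re-check it before opening the file."""
    reason = reject_reason(user_path, windows)
    if reason:
        raise ValueError("rejected data-source path: " + reason)
    flavour = PureWindowsPath if windows else PurePosixPath
    return str(flavour(base) / user_path)


if __name__ == "__main__":
    cases = (
        (False, POSIX_ROOT, ["sales/q1.hyper", "/etc/passwd", "../../etc/shadow"]),
        (True, WINDOWS_ROOT, [r"sales\q1.hyper", r"C:\Windows\win.ini",
                              r"\\files\share\x.hyper", "C:win.ini"]),
    )
    for win, root, attempts in cases:
        for p in attempts:
            naive = resolve_vulnerable(root, p, win)
            verdict = reject_reason(p, win) or "ok -> " + safe_resolve(root, p, win)
            print("%-24s naive=%-48s hardened=%s" % (p, naive, verdict))
```

The check is deliberately lexical and platform-explicit: a Linux deployment must still reject `C:\...` only if it runs with Windows semantics, while on POSIX a backslash is an ordinary file-name character, which is why the flavour is a parameter rather than whatever the host happens to be.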
Potential Impact
For European organizations running Salesforce Tableau Server, this vulnerability puts the confidentiality and integrity of their data at risk. Tableau Server typically hosts business intelligence reports, dashboards and data extracts that contain sensitive or proprietary information. If the flaw allows arbitrary file access, an attacker could reach configuration files, stored credentials or data extracts on the server, which could lead to a data breach or provide the footing for lateral movement within the network. Under the GDPR and other European data protection rules, unauthorized disclosure of personal data can result in regulatory penalties and reputational damage on top of the direct loss. Access to configuration files or scripts could also let an attacker compromise the server further or pivot to other internal systems that Tableau Server connects to, such as the databases behind its data sources. The availability impact is limited unless the attacker uses the access to disrupt services or delete files; the primary concern is unauthorized data access.
Mitigation Recommendations
European organizations should prioritize updating Salesforce Tableau Server to the fixed release on their branch: 2025.1.3, 2024.2.12 or 2023.3.19, or later, as these versions address the vulnerability. Until the patch is applied, limit exposure of Tableau Server with network segmentation and access controls so that only trusted users and networks can reach it. A Web Application Firewall with custom rules for requests to the tabdoc API can provide temporary protection, with one caveat: absolute path traversal does not need the ../ sequences that most generic traversal signatures look for, so rules must also match a leading slash, a leading backslash, a drive letter (C:) or a UNC prefix (\\) in the relevant parameters, together with their percent-encoded and double-encoded forms. Administrators should also run the Tableau Server service account with the least filesystem privilege it needs and audit the permissions on configuration and credential files, so that any file access the flaw does permit is bounded. Monitor web server and application logs for absolute or anchored paths and ../ sequences in requests to the affected module, and for unusual volumes of data-source duplication calls, to detect exploitation attempts early. Finally, review the overall deployment for hardening opportunities, including which APIs are reachable from untrusted networks, to reduce the attack surface.
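As an added example of the log monitoring recommended above (not tooling from Salesforce or from this site), the script below scans constructed web server log lines for requests to the affected module and flags absolute paths, drive letters, UNC prefixes, ../ sequences and double-encoded values in the path parameter. The combined-log layout, the endpoint path /tabdoc/duplicate-data-source and the parameter name path are assumptions for illustration; Tableau Server's real endpoint, parameter and log format may differ, so adapt the constants before running it on production logs.

```python
"""Added illustration: flagging absolute-path-traversal attempts in logs.

The endpoint, the query parameter and the log layout are assumptions for
this example, not Tableau Server's real ones; the sample lines below are
constructed. Detection runs on the decoded value and repeats decoding
until it is stable, so double-encoded payloads that a WAF keyed on a
single decode would miss are still caught.
"""
import re
from typing import List, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/tabdoc/duplicate-data-source"   # assumed endpoint path
PARAM = "path"                                # assumed parameter name

# Constructed sample lines (combined-log style); not real Tableau logs.
SAMPLE_LOG = """\
10.0.0.5 - alice [25/Jul/2025:19:17:44 +0000] "POST /tabdoc/duplicate-data-source?path=sales%2Fq1.hyper HTTP/1.1" 200 512
10.0.0.9 - - [25/Jul/2025:19:18:01 +0000] "POST /tabdoc/duplicate-data-source?path=%2Fetc%2Fpasswd HTTP/1.1" 200 1814
10.0.0.9 - - [25/Jul/2025:19:18:05 +0000] "POST /tabdoc/duplicate-data-source?path=C%3A%5CWindows%5Cwin.ini HTTP/1.1" 200 92
10.0.0.9 - - [25/Jul/2025:19:18:09 +0000] "POST /tabdoc/duplicate-data-source?path=%252e%252e%252f%252e%252e%252fetc%252fshadow HTTP/1.1" 403 0
10.0.0.9 - - [25/Jul/2025:19:18:12 +0000] "POST /tabdoc/duplicate-data-source?path=%5C%5Cfiles%5Cshare%5Cx.hyper HTTP/1.1" 200 77
10.0.0.7 - bob [25/Jul/2025:19:19:00 +0000] "GET /views/sales/overview HTTP/1.1" 200 300
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3}) (?P<size>\S+)$'
)
# Leading '/', leading '\' (covers '\\unc' too) or a drive letter.
ABSOLUTE_RE = re.compile(r'^(?:[A-Za-z]:|[\\/])')
# A '..' component delimited by either separator or by the string ends.
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def decode_fully(value: str, max_rounds: int = 5) -> Tuple[str, bool]:
    """Percent-decode until stable. parse_qs already decoded once, so any
    further change means the client sent a double-encoded value."""
    changed = False
    for _ in range(max_rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value, changed = nxt, True
    return value, changed


def classify_path(value: str) -> List[str]:
    """Reasons a decoded path value looks like a traversal attempt."""
    reasons = []
    if ABSOLUTE_RE.match(value):
        reasons.append("absolute-path")
    if DOTDOT_RE.search(value):
        reasons.append("dot-dot")
    if "\x00" in value:
        reasons.append("nul-byte")
    return reasons


def scan_log(text: str, endpoint: str = ENDPOINT,
             param: str = PARAM) -> List[Tuple[str, str, Tuple[str, ...]]]:
    """Return (client_ip, decoded_value, reasons) for each suspicious
    request to `endpoint`, regardless of the response status: a 403 is
    still an attempt worth correlating by source address."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != endpoint:
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(param, []):
            value, reencoded = decode_fully(raw)
            reasons = classify_path(value)
            if reencoded:
                reasons.append("double-encoded")
            if reasons:
                hits.append((m.group("ip"), value, tuple(reasons)))
    return hits


if __name__ == "__main__":
    for ip, value, reasons in scan_log(SAMPLE_LOG):
        print("%s  %-28r  %s" % (ip, value, ", ".join(reasons)))
```

Run against the constructed sample it reports the four requests from 10.0.0.9 and nothing for the legitimate relative name or the unrelated endpoint. The same three regular expressions, applied after full decoding, are what a WAF rule for this flaw needs; a rule that only looks for ../ would pass the first, second and fourth flagged requests through.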
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Salesforce
- Date Reserved: 2025-06-16T20:18:48.946Z
- Cvss Version: null (no CVSS score assigned)
- State: PUBLISHED
Threat ID: 6883d858ad5a09ad00565a93
Added to database: 7/25/2025, 7:17:44 PM
Last enriched: 7/25/2025, 7:32:56 PM
Last updated: 9/6/2025, 1:37:32 PM