CVE-2025-52453: CWE-918 Server-Side Request Forgery (SSRF) in Salesforce Tableau Server
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
AI Analysis
Technical Summary
CVE-2025-52453 is a Server-Side Request Forgery (SSRF) vulnerability identified in Salesforce Tableau Server, specifically affecting the Flow Data Source modules on Windows and Linux platforms. SSRF vulnerabilities occur when an attacker can manipulate a server to make unintended requests to internal or external resources, potentially bypassing network access controls. In this case, the vulnerability allows an attacker to perform Resource Location Spoofing, which means the attacker can trick the Tableau Server into fetching resources from locations of their choosing. This can lead to unauthorized internal network scanning, data exfiltration, or interaction with internal services that are otherwise inaccessible externally. The affected versions include all releases prior to 2025.1.3, 2024.2.12, and 2023.3.19, indicating multiple branches of Tableau Server are impacted. No public exploits are currently known, and no CVSS score has been assigned yet. However, the vulnerability is significant because Tableau Server is often deployed in enterprise environments with access to sensitive business intelligence data and internal networks. Exploitation could allow attackers to pivot within an organization’s infrastructure or access sensitive data indirectly through the server. The vulnerability is categorized under CWE-918, which highlights the risk of SSRF leading to unauthorized resource access or network reconnaissance. Since Tableau Server is a critical analytics platform, this SSRF flaw could be leveraged to compromise confidentiality and integrity of data, as well as availability if used to trigger denial-of-service conditions.
Potential Impact
For European organizations, the impact of this SSRF vulnerability in Salesforce Tableau Server could be substantial. Many enterprises, including financial institutions, healthcare providers, and government agencies across Europe, rely on Tableau Server for data visualization and decision-making. An SSRF exploit could enable attackers to bypass perimeter defenses and access internal services, potentially exposing sensitive personal data protected under GDPR. This could lead to data breaches, regulatory penalties, and reputational damage. Additionally, attackers might use the vulnerability to perform lateral movement within corporate networks, increasing the risk of further compromise or ransomware deployment. The disruption of Tableau Server services could also impact business continuity and operational efficiency. Given the widespread adoption of Tableau Server in Europe and the critical nature of the data it processes, the vulnerability poses a high risk to confidentiality, integrity, and availability of organizational data and services.
Mitigation Recommendations
To mitigate this SSRF vulnerability effectively, European organizations should:
1. Immediately apply Salesforce's fixes by upgrading Tableau Server to the fixed release on the branch in use: 2025.1.3, 2024.2.12, or 2023.3.19.
2. Implement strict network segmentation and firewall rules so that Tableau Server's outbound requests reach only trusted and necessary endpoints, minimizing the attack surface for SSRF exploitation.
3. Employ web application firewalls (WAF) with SSRF detection capabilities to monitor and block suspicious request patterns targeting Tableau Server.
4. Conduct security reviews and penetration testing focused on SSRF vectors within Tableau Server deployments.
5. Monitor server logs for unusual outbound request activity that could indicate exploitation attempts.
6. Limit Tableau Server's permissions and network access to the minimum required for operation, reducing the impact if the flaw is exploited.
7. Educate IT and security teams about SSRF risks and ensure incident response plans include scenarios involving SSRF attacks on analytics platforms.
These measures go beyond generic advice by focusing on controlling outbound requests, patch management, and active monitoring specific to Tableau Server's architecture.
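A patch-triage helper for step 1, added here as an example (not Salesforce's or Tableau's own code): it takes the fixed versions named in this advisory and classifies an inventory of installed builds. The version-string format (YYYY.N.M), the hostnames and the installed versions are constructed assumptions.

```python
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# First fixed release on each branch the advisory names.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (2025, 1): (2025, 1, 3),
    (2024, 2): (2024, 2, 12),
    (2023, 3): (2023, 3, 19),
}
NEWEST_FIXED_BRANCH = max(FIXED_VERSIONS)  # (2025, 1)


def parse_version(text: str) -> Version:
    """Parse a 'YYYY.N.M' Tableau Server version string (format assumed)."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])


def assess(version_text: str) -> str:
    """Classify one installed version against CVE-2025-52453.
    vulnerable/fixed: branch named in the advisory; assumed-vulnerable: older
    branch with no listed fix, so it cannot be patched in place and is
    treated as affected; not-covered: newer than any branch the advisory names."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch in FIXED_VERSIONS:
        return "fixed" if version >= FIXED_VERSIONS[branch] else "vulnerable"
    if branch < NEWEST_FIXED_BRANCH:
        return "assumed-vulnerable"
    return "not-covered"


def hosts_needing_action(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, version, verdict) for every host not on a fixed build."""
    findings = []
    for host, version_text in sorted(inventory.items()):
        verdict = assess(version_text)
        if verdict != "fixed":
            findings.append((host, version_text, verdict))
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "tableau-prod-01": "2025.1.2",
    "tableau-prod-02": "2025.1.3",
    "tableau-dev-01": "2024.1.7",
    "tableau-legacy": "2023.3.18",
}
```

Running `hosts_needing_action(SAMPLE_INVENTORY)` flags three of the four constructed hosts; only the 2025.1.3 build is reported as fixed.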
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Salesforce
- Date Reserved: 2025-06-16T20:18:48.946Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6883d858ad5a09ad00565a87
Added to database: 7/25/2025, 7:17:44 PM
Last enriched: 7/25/2025, 7:33:36 PM
Last updated: 8/18/2025, 1:22:23 AM