CVE-2025-52454: CWE-918 Server-Side Request Forgery (SSRF) in Salesforce Tableau Server
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
AI Analysis
Technical Summary
CVE-2025-52454 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, in Salesforce Tableau Server on Windows and Linux. The flaw resides in the Amazon S3 Connector modules, which integrate Tableau Server with Amazon S3 storage. An SSRF flaw lets an attacker induce the server to issue requests to destinations of the attacker's choosing, including internal hosts that are not reachable from outside, so the server's own network position and egress rules are effectively bypassed. The advisory describes the outcome as resource location spoofing: an attacker who controls the location the connector treats as its S3 endpoint or object source can make the server fetch from an unintended destination, and the response, or the side effects of the request, can expose or alter data. The fix ships in three maintenance branches; every build before 2025.1.3, 2024.2.12 and 2023.3.19 is affected. The CVSS v3.1 base score of 8.2 (High) corresponds to the vector AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N: exploitable over the network by an attacker with low-privileged access to Tableau Server and without any user interaction, but with high attack complexity, meaning success depends on conditions the attacker does not fully control. The changed scope reflects that the system reached by the forged request lies outside the vulnerable connector's own security authority. Confidentiality and integrity impact are rated high; availability is not affected. No exploitation in the wild had been reported at the time of this write-up, but a network-reachable SSRF in a widely deployed BI platform with a cloud-storage integration makes this a priority for any deployment that uses the S3 connector or cannot update immediately.
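The following is an added example, not code from Tableau, Salesforce or this advisory. It shows the endpoint-handling pattern that produces resource location spoofing in an S3-style connector (a caller-supplied endpoint fetched as given) next to a hardened version that enforces scheme, host allow-listing, IP-literal rejection and resolved-address checks. The allowed suffix, bucket naming rule, hostnames, buckets and addresses are all assumptions constructed for the example.

```python
"""Added example, not Tableau's or Salesforce's code: the endpoint-handling
pattern behind 'resource location spoofing' in an S3-style connector, shown
vulnerable and then hardened. All hosts, buckets and addresses are constructed."""
import ipaddress
import re
import socket
from urllib.parse import urlsplit

# Endpoint hosts the connector may contact (assumption for this example; a real
# deployment would pin the exact regional endpoints it uses).
ALLOWED_HOST_SUFFIXES = (".amazonaws.com",)
BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")


def build_s3_url_vulnerable(endpoint: str, bucket: str, key: str) -> str:
    """Vulnerable pattern: the caller-supplied endpoint is fetched as given, so
    an internal address (here the link-local metadata range) becomes the target."""
    return f"{endpoint.rstrip('/')}/{bucket}/{key}"


class UnsafeEndpoint(ValueError):
    """Raised when an endpoint fails the SSRF checks."""


def is_public_ip(ip: str) -> bool:
    """True only for globally routable addresses: rejects RFC 1918, loopback,
    link-local (169.254/16 metadata), reserved, multicast and unspecified."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def resolve_all(host: str) -> list:
    """Resolve every A/AAAA record. Kept separate so the checks can be run
    offline with an injected resolver."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def validate_endpoint(endpoint: str, resolver=resolve_all) -> str:
    """Return the canonical 'https://host' form or raise UnsafeEndpoint."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https":
        raise UnsafeEndpoint("only https endpoints are allowed")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise UnsafeEndpoint("userinfo, query and fragment are not allowed")
    try:
        port = parts.port
    except ValueError:
        raise UnsafeEndpoint("malformed port") from None
    if port not in (None, 443):
        raise UnsafeEndpoint("non-standard port")
    host = (parts.hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        literal = True
    except ValueError:
        literal = False
    if literal:
        raise UnsafeEndpoint("IP literals are not valid S3 endpoints")
    if not host.endswith(ALLOWED_HOST_SUFFIXES):
        raise UnsafeEndpoint(f"{host!r} is not an allowed S3 endpoint")
    # An allow-listed name can still point into internal space (misconfigured
    # or attacker-controlled DNS), so every resolved address is checked. This
    # is a pre-check only: the HTTP client must connect to the address checked
    # here rather than re-resolve, or a rebinding attack can slip through.
    addrs = resolver(host)
    if not addrs or not all(is_public_ip(a) for a in addrs):
        raise UnsafeEndpoint(f"{host} resolves to non-public address(es) {addrs}")
    return f"https://{host}"


def build_s3_url_safe(endpoint: str, bucket: str, key: str,
                      resolver=resolve_all) -> str:
    """Hardened counterpart: validated endpoint, constrained bucket and key."""
    base = validate_endpoint(endpoint, resolver)
    if not BUCKET_RE.match(bucket):
        raise UnsafeEndpoint("invalid bucket name")
    if key.startswith("/") or ".." in key.split("/"):
        raise UnsafeEndpoint("key must be a relative object path")
    return f"{base}/{bucket}/{key}"


def endpoint_is_safe(endpoint: str, resolver=resolve_all) -> bool:
    try:
        validate_endpoint(endpoint, resolver)
        return True
    except UnsafeEndpoint:
        return False


if __name__ == "__main__":
    public = lambda host: ["52.216.0.1"]  # constructed resolver result
    print(build_s3_url_vulnerable("http://169.254.169.254/latest/meta-data",
                                  "reports", "q1.csv"))
    print(build_s3_url_safe("https://s3.eu-west-1.amazonaws.com",
                            "reports", "q1.csv", resolver=public))
    for bad in ("http://169.254.169.254", "https://10.0.0.5",
                "https://s3.amazonaws.com.attacker.example",
                "https://user@s3.amazonaws.com"):
        print(bad, "->", endpoint_is_safe(bad, resolver=public))
```

The resolver is injected so the checks can be exercised without network access; in a real connector the same validated address should be the one the HTTP client connects to, otherwise the gap between validation and connection is exactly what DNS rebinding exploits.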
Potential Impact
Successful exploitation turns Tableau Server into a proxy for requests into the network it sits on. Attackers can reach internal services, data repositories and administrative interfaces that are not exposed externally, and on a cloud-hosted server the instance metadata service is the classic SSRF target because it can hand out temporary credentials for the host's role. The high confidentiality impact means business intelligence data, customer information processed by Tableau Server, or secrets obtained through forged requests could be exfiltrated; the high integrity impact means forged requests could also modify data or analytics results, undermining the decisions that rely on them. Because availability is untouched, the server keeps running normally and exploitation can continue unnoticed. Given how widely Tableau Server is used for business-critical analytics, a compromise can disrupt operations, create regulatory exposure and damage reputation. The low privilege requirement and the absence of any user interaction widen the pool of potential attackers, even though the high attack complexity means an attacker must also satisfy conditions outside their control. An SSRF of this kind is typically a foothold for lateral movement into the internal network rather than the end goal.
Mitigation Recommendations
Upgrade to the fixed build for the branch in use: 2025.1.3, 2024.2.12 or 2023.3.19, or any later release in that branch. These are the versions the advisory names, and upgrading removes the flaw rather than fencing it in. Where an upgrade has to wait, constrain what the server can reach: apply egress filtering so that Tableau Server's outbound connections to internal address ranges, to the cloud metadata endpoint and to anything other than the storage endpoints it legitimately needs are denied and logged. On AWS-hosted servers, require IMDSv2, whose session token must be obtained with a PUT request carrying a custom header, something a simple SSRF cannot produce. A WAF can carry SSRF signatures, but an SSRF payload is just a URL in an otherwise legitimate parameter, so treat WAF rules as a detective control and rely on egress restrictions for prevention. Run Tableau Server's service accounts, and the IAM credentials the S3 connector uses, with the minimum permissions they need, so that a forged request yields as little as possible. If the Amazon S3 Connector is not essential, disable it or restrict its use to trusted users until the fix is deployed. Monitor outbound traffic from the Tableau host and alert on connections to private ranges, to the metadata address, on plaintext HTTP from the connector, and on storage hostnames outside the endpoints you expect. Finally, include SSRF vectors in internal assessments and penetration tests, since connector and data-source configuration surfaces are a common place for similar issues.
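The monitoring step above is easiest to reason about with concrete detection logic. The following is an added example, not part of the advisory and not a Tableau or OffSeq tool: it parses outbound-proxy log lines recorded for the Tableau host and flags requests that match the SSRF indicators listed (internal destinations, the cloud metadata address, plaintext HTTP, and hosts outside the expected storage endpoints). The log line format, the allowed suffix, and every host, address and line in SAMPLE_LOG are constructed for the example.

```python
"""Added example, not part of the advisory or of Tableau: a detector that runs
over outbound-proxy log lines from the Tableau host and flags requests that
look like SSRF abuse of a storage connector. The log format and every line,
host and address below are constructed for the example."""
import ipaddress
import re
from urllib.parse import urlsplit

# Hosts the S3 connector legitimately contacts (assumption for this example).
ALLOWED_SUFFIXES = (".amazonaws.com",)
# Well-known cloud metadata addresses that an SSRF is typically pointed at.
METADATA_HOSTS = {"169.254.169.254", "fd00:ec2::254", "metadata.google.internal"}

# Constructed line format: <timestamp> <source host> <method> <target> dst=<ip> status=<code>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<target>\S+) "
    r"dst=(?P<dst>\S+) status=(?P<status>\d+)$")

SAMPLE_LOG = """\
2025-07-25T19:01:02Z tableau-01 CONNECT s3.eu-west-1.amazonaws.com:443 dst=52.216.0.1 status=200
2025-07-25T19:01:09Z tableau-01 GET http://169.254.169.254/latest/meta-data/iam/security-credentials/ dst=169.254.169.254 status=200
2025-07-25T19:02:30Z tableau-01 GET http://10.20.0.15:8080/manager/html dst=10.20.0.15 status=401
2025-07-25T19:03:01Z tableau-01 CONNECT s3.amazonaws.com.attacker.example:443 dst=52.216.9.77 status=200
2025-07-25T19:04:44Z tableau-01 CONNECT reports-bucket.s3.amazonaws.com:443 dst=52.216.8.3 status=200
"""


def is_internal(ip: str) -> bool:
    """True for private, loopback, link-local, reserved or unspecified addresses;
    False for hostnames and for public addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_unspecified)


def target_host(method: str, target: str) -> tuple:
    """Return (host, scheme). CONNECT targets are host:port; others are URLs."""
    if method == "CONNECT":
        host, sep, _ = target.rpartition(":")
        return (host if sep else target).strip("[]").lower(), "https"
    parts = urlsplit(target)
    return (parts.hostname or "").lower(), parts.scheme


def classify(record: dict) -> list:
    """Return the list of SSRF indicators a parsed record matches (empty if clean)."""
    reasons = []
    host, scheme = target_host(record["method"], record["target"])
    if host in METADATA_HOSTS or record["dst"] in METADATA_HOSTS:
        reasons.append("cloud-metadata-endpoint")
    if is_internal(record["dst"]) or is_internal(host):
        reasons.append("internal-destination")
    if scheme == "http":
        reasons.append("plaintext-http")
    if not host.endswith(ALLOWED_SUFFIXES):
        reasons.append("host-not-allowlisted")
    return reasons


def analyze(log_text: str) -> list:
    """Parse every line and return one finding per suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        rec = m.groupdict()
        reasons = classify(rec)
        if reasons:
            findings.append({"ts": rec["ts"], "src": rec["src"],
                             "target": rec["target"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding["ts"], finding["src"], finding["target"],
              ", ".join(finding["reasons"]))
```

Of the five constructed lines, the two legitimate S3 connections pass, while the metadata fetch, the request to an internal management port, and the look-alike hostname are each flagged with the reasons that apply. The allow-list check is what catches a spoofed location that resolves to a public address, which pure IP-range filtering would miss.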
Affected Countries
United States, United Kingdom, Germany, France, Canada, Australia, Japan, Netherlands, Switzerland, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: Salesforce
- Date Reserved: 2025-06-16T20:18:48.946Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6883d858ad5a09ad00565a8a
Added to database: 7/25/2025, 7:17:44 PM
Last enriched: 3/24/2026, 12:17:27 AM
Last updated: 3/25/2026, 1:08:21 PM