CVE-2025-52455: CWE-918 Server-Side Request Forgery (SSRF) in Salesforce Tableau Server
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
AI Analysis
Technical Summary
CVE-2025-52455 is a Server-Side Request Forgery (SSRF) vulnerability identified in Salesforce Tableau Server, specifically affecting the EPS Server modules on both Windows and Linux platforms. SSRF vulnerabilities occur when an attacker can manipulate a server to make HTTP requests to arbitrary domains or internal systems, potentially bypassing network access controls. In this case, the vulnerability allows resource location spoofing, which means an attacker could trick the Tableau Server into fetching resources from unintended or malicious locations. The affected versions include all releases prior to 2025.1.3, 2024.2.12, and 2023.3.19, indicating that multiple release branches are impacted. The vulnerability is classified under CWE-918, which covers SSRF issues. No CVSS score has been assigned yet, and no known exploits are reported in the wild. The vulnerability was reserved in mid-June 2025 and published in late July 2025. The lack of a CVSS score suggests that the assessment is recent and still under evaluation. SSRF vulnerabilities can be leveraged to access internal services behind firewalls, perform port scanning, or exploit other vulnerabilities in internal systems, potentially leading to data exposure or further compromise. Given Tableau Server's role in data visualization and business intelligence, exploitation could lead to unauthorized access to sensitive business data or internal network reconnaissance.
Potential Impact
For European organizations, the impact of this SSRF vulnerability in Salesforce Tableau Server could be significant. Tableau Server is widely used across various industries in Europe for data analytics and visualization, often integrating with sensitive internal data sources. Exploitation could allow attackers to access internal network resources, bypass firewall protections, and potentially retrieve confidential business intelligence data or personally identifiable information (PII) protected under GDPR. This could lead to data breaches, regulatory fines, reputational damage, and operational disruption. Additionally, SSRF can be a stepping stone for lateral movement within an organization's network, increasing the risk of broader compromise. Organizations in sectors such as finance, healthcare, manufacturing, and government, which rely heavily on Tableau Server for decision-making, could face heightened risks. The absence of known exploits currently provides a window for proactive mitigation, but the public disclosure increases the likelihood of future exploitation attempts.
Mitigation Recommendations
European organizations should prioritize updating Tableau Server to the fixed versions 2025.1.3, 2024.2.12, or 2023.3.19 as soon as possible to remediate this SSRF vulnerability. Until patches are applied, organizations should implement strict network segmentation and firewall rules to limit Tableau Server's outbound HTTP requests to only trusted internal and external endpoints. Employing web application firewalls (WAFs) with SSRF detection capabilities can help detect and block malicious request patterns. Monitoring Tableau Server logs for unusual outbound requests or access patterns can provide early indicators of exploitation attempts. Additionally, organizations should review and minimize Tableau Server's permissions and network access to reduce the attack surface. Conducting internal penetration testing focusing on SSRF scenarios can help identify residual risks. Finally, ensure that incident response teams are aware of this vulnerability and prepared to respond to potential exploitation attempts.
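As an added example (not part of this advisory or of any Tableau tooling), the following Python helper triages a constructed Tableau Server inventory against the three fixed versions named above, treating a release as affected when it is below the fix on its own branch or older than the oldest fixed release, and flagging branches the advisory does not name as "not-listed" so they can be confirmed with the vendor rather than assumed safe.

```python
import re

# Fixed releases named in the advisory, keyed by (year, minor) release branch.
FIXED = {
    (2025, 1): (2025, 1, 3),
    (2024, 2): (2024, 2, 12),
    (2023, 3): (2023, 3, 19),
}

# Leading "YYYY.m.p" of a Tableau version string; trailing build info is ignored.
_VERSION_RE = re.compile(r"^\s*(\d{4})\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (year, minor, patch) from strings like '2024.2.5 (20242.24.0719.1447)'."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Tableau Server version: {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(text):
    """Classify one version as 'affected', 'fixed' or 'not-listed'."""
    v = parse_version(text)
    branch = v[:2]
    if branch in FIXED:
        return "affected" if v < FIXED[branch] else "fixed"
    # Older than the oldest fixed release (2023.3.19): no fix listed, treat as affected.
    if v < min(FIXED.values()):
        return "affected"
    # Branch not named in the advisory (e.g. 2024.3): assumption here is "confirm
    # with the vendor", not "safe", so it is reported separately.
    return "not-listed"


def triage(inventory):
    """Return {status: [hostname, ...]} for a list of (hostname, version) pairs."""
    result = {"affected": [], "fixed": [], "not-listed": []}
    for host, version in inventory:
        result[assess(version)].append(host)
    return result


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("tableau-prod-01", "2024.2.5 (20242.24.0719.1447)"),
    ("tableau-prod-02", "2025.1.3"),
    ("tableau-legacy", "2022.4.8"),
    ("tableau-test", "2024.3.4"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```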
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Salesforce
- Date Reserved: 2025-06-16T20:18:48.946Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6883d858ad5a09ad00565a8d
Added to database: 7/25/2025, 7:17:44 PM
Last enriched: 7/25/2025, 7:33:15 PM
Last updated: 9/7/2025, 8:31:04 AM