Vulnerability Database

299,749

Total vulnerabilities in the database

CVE-2025-52446

Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulation (data access to the production database cluster).This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Published: Jul 25, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-52446
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-639

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
tableau / tableau_server	-	2023.3.19
tableau / tableau_server	2024.2	2024.2.12
tableau / tableau_server	2025.1	2025.1.3

https://help.salesforce.com/s/articleView?id=005105043&type=1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo