CVE-2025-52452

High CVSS 8.5

Overview

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - duplicate-data-source modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

CWE: CWE-22 Published: 2025-07-25T19:15:40.870

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.5 (HIGH)
Detected tags: path (tag impact: MODERATE)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.

Overview

Recommended tools

Tags