CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-26494: Server Side Request Forgery vulnerability in Tableau Server

Description

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass.This issue affects Tableau Server: from 2023.3 through 2023.3.5.

Classification

CVE ID: CVE-2025-26494

Affected Products

Vendor: Salesforce

Product: Tableau Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.94% (scored less or equal to compared to others)

EPSS Date: 2025-03-12 (when was this score calculated)

References

https://help.salesforce.com/s/articleView?id=001534936&type=1

Timeline

2025-02-12 00:31:41 UTC
CVE

Server Side Request Forgery vulnerability in Tableau Server