CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-26495: Sensitive Data Exposure in Tableau Server

Description

Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19.

Classification

CVE ID: CVE-2025-26495

Affected Products

Vendor: Salesforce

Product: Tableau Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.94% (scored less or equal to compared to others)

EPSS Date: 2025-03-12 (when was this score calculated)

References

https://help.salesforce.com/s/articleView?id=000390611&type=1

Timeline

2025-02-12 00:31:41 UTC
CVE

Sensitive Data Exposure in Tableau Server