The recently identified CVE-2025-26494 is a high-severity Server-Side Request Forgery (SSRF) vulnerability affecting Salesforce Tableau Server versions from 2023.3 through 2023.3.5. This vulnerability allows authentication bypass, posing significant risks to organizations utilizing affected versions of the Tableau Server.
The CVSS score assigned to this vulnerability is 7.7, indicating a high level of severity. The potential for exploitation of this vulnerability emphasizes the urgency for organizations to take immediate action to mitigate risks.
Risk to organizations includes unauthorized access to sensitive data and resources through compromised authentication mechanisms. Given the nature of the vulnerability, it is imperative for organizations to address this issue in their patch management cycle.
Currently, there are no known exploits or public proof-of-concept (PoC) available for this vulnerability. However, organizations should not become complacent, as the absence of known exploits does not diminish the risk associated with this vulnerability.
Vulnerability Details
The vulnerability is classified as a Server-Side Request Forgery (SSRF) and is identified under CWE-918. It allows attackers to bypass authentication mechanisms, which could lead to unauthorized access to sensitive data stored within the Tableau Server.
The CVSS v3.1 vector for this vulnerability is: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N. This indicates that the attack vector is network-based, the complexity is low, and it requires low privileges with no user interaction.
Affected products include Tableau Server, specifically versions from 2023.3 to 2023.3.5. The vulnerability was published on February 11, 2025, and the last modification date was October 29, 2025.
Technical Analysis
The root cause of this vulnerability lies in the improper validation of user inputs on the server side, allowing attackers to craft requests that can bypass authentication checks. The attack vector is primarily network-based, meaning an attacker can exploit this vulnerability remotely without physical access to the server.
The attack complexity is classified as low, making it easier for potential attackers to exploit the vulnerability. The privileges required are also low, as an attacker may not need extensive access rights to exploit the vulnerability. Furthermore, there is no user interaction required for the exploitation.
In terms of impact, the confidentiality impact is high, as unauthorized access could expose sensitive information. However, there is no integrity or availability impact associated with this vulnerability.
Risk & Impact Analysis
Real-world deployment risk is significant due to the nature of the vulnerability. Organizations utilizing affected versions of the Tableau Server may face severe consequences, including data breaches and loss of customer trust.
The blast radius for this vulnerability could extend to all users of the Tableau Server platform, as attackers may exploit the authentication bypass to gain unauthorized access to all functionalities of the server.
Given the CVSS score of 7.7, organizations should prioritize patching immediately. The lack of known exploits does not mitigate the need for urgency, as attackers may still develop methods to exploit this vulnerability.
Exploitation Status
Signal | Status |
|---|---|
Known Exploit | No |
Public PoC | No |
Actively Exploited | No |
Ransomware Use | No |
Affected Versions
The vulnerability affects all versions of Tableau Server from 2023.3 to 2023.3.5. Organizations should confirm their versions and apply necessary patches.
Mitigation & Remediation
Organizations should prioritize patching their Tableau Server to the latest version available. If patches are unavailable, consider implementing workarounds such as restricting access to the server and monitoring for suspicious activity. Regular security assessments and configuration hardening should also be part of the remediation strategy.
For guidance on effective remediation strategies, organizations can refer to the penetration testing services offered by AppSecure.
Detection Guidance
Organizations should monitor their logs for any unusual request patterns that may indicate attempts to exploit this vulnerability. Behavioral anomalies on the server, as well as any unauthorized access attempts, should be investigated promptly.
AppSecure Threat Intelligence Insight
This vulnerability highlights the importance of robust security practices in application development and deployment. Security teams should adopt comprehensive security measures to mitigate risks associated with SSRF vulnerabilities. Regular training and awareness programs can help in recognizing potential threats.
For further insights on vulnerability management, organizations can explore the vulnerability management program design principles.
Additionally, organizations should stay informed about the latest cybersecurity trends and best practices by reviewing the penetration testing methodology articles available.
Organizations should also consider the implications of SSRF vulnerabilities in their overall security posture and adopt proactive measures to enhance their defenses.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
.webp)