What is CVE-2025-26495?

A high-severity vulnerability has been identified in Salesforce Tableau Server, which allows cleartext storage of sensitive information. Organizations should prioritize patching to mitigate this risk.

What is the severity of CVE-2025-26495?

CVE-2025-26495 has a severity rating of HIGH with a CVSS base score of 7.5.

CVE-2025-26495 | High Vulnerability in Tableau Server

CVE-2025-26495 is a high-severity vulnerability affecting Salesforce Tableau Server. This vulnerability allows the cleartext storage of sensitive information, specifically the Personal Access Token (PAT), into logging repositories. This issue impacts several versions of Tableau Server, including all versions prior to 2022.1.3, 2021.4.8, 2021.3.13, 2021.2.14, 2021.1.16, and 2020.4.19. Given its nature and the potential for exploitation, organizations must act swiftly to address this vulnerability.

The CVSS score of 7.5 categorizes this vulnerability as high severity, indicating significant risk to organizations. The attack vector is network-based, with low complexity and no privileges required for exploitation. The potential for confidentiality impact is high, making it critical for affected organizations to take immediate action.

Currently, there are no known exploits available for this vulnerability, and it is not included in the Known Exploited Vulnerabilities (KEV) catalog. However, the risk remains substantial due to the nature of the vulnerability and the sensitive information involved. Organizations should prioritize patching immediately to mitigate potential risks.

To ensure security, organizations should routinely assess their Tableau Server installations and implement necessary updates. Awareness of such vulnerabilities is crucial in maintaining a robust security posture and protecting sensitive data.

For comprehensive guidance on vulnerability management, organizations can refer to the resources available on AppSecure.

Vulnerability Details

The vulnerability is classified as a cleartext storage of sensitive information issue, as described in the official CVE documentation. Salesforce has acknowledged this vulnerability and provided necessary details regarding its impact.

The CVSS version is 3.1, with a vector string indicating an attack vector of NETWORK, low attack complexity, and no required privileges or user interaction. The confidentiality impact is rated high, while integrity and availability impacts are rated none.

The affected product is Tableau Server, with specific versions listed in the CVE details. This vulnerability is classified under CWE-312, which pertains to cleartext storage of sensitive information.

Technical Analysis

The root cause of this vulnerability lies in the improper handling of sensitive information by logging mechanisms within Tableau Server. Sensitive tokens, such as the Personal Access Token (PAT), are stored in cleartext within logging repositories, exposing them to unauthorized access.

The attack vector for this vulnerability is network-based, meaning that an attacker on the same network could potentially access the logs to retrieve sensitive information. The attack complexity is low, as there are no special privileges required to exploit this vulnerability, and user interaction is not necessary.

In terms of impact, the confidentiality of sensitive information is significantly compromised, while the integrity and availability of the system remain unaffected. Organizations utilizing Tableau Server should be aware that the exposure of such sensitive information could lead to unauthorized access and potential data breaches.

Risk & Impact Analysis

Risk to organizations includes exposure of sensitive data, which could lead to unauthorized access and potential breaches. The blast radius of this vulnerability could extend to all users of the affected Tableau Server installations, making it a critical concern for data security.

Given the CVSS score of 7.5, organizations should address this vulnerability in their priority patch cycle. The potential for exploitation, coupled with the sensitivity of the exposed data, necessitates immediate attention from security teams.

Organizations that fail to remediate this vulnerability risk facing compliance penalties and reputational damage. The urgency of addressing this issue cannot be overstated, as attackers may leverage this vulnerability to gain unauthorized access to sensitive environments.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of Tableau Server include all versions before the following: 2022.1.3, 2021.4.8, 2021.3.13, 2021.2.14, 2021.1.16, and 2020.4.19. Organizations using these versions should prioritize upgrading to the latest versions as part of their remediation efforts.

Mitigation & Remediation

To mitigate this vulnerability, organizations must apply the latest patches provided by Tableau. The recommended versions to upgrade to are those released after the affected versions mentioned earlier.

In the event that a patch is not immediately available, organizations should consider implementing workarounds such as limiting access to logging repositories and ensuring that sensitive information is not logged in cleartext.

Regular monitoring of logging practices and sensitive information handling should be established to identify and remediate any potential exposures.

For further assistance with security measures, organizations may refer to resources on penetration testing and security assessments.

Detection Guidance

Organizations should monitor logs for cleartext storage of sensitive information, specifically for Personal Access Tokens (PAT). Any indications of unauthorized access to logging repositories should be investigated immediately.

Behavioral anomalies in accessing logging systems or unusual logging patterns may indicate potential exploitation attempts.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-26495 lies in its representation of the ongoing challenge of sensitive information management within application logging practices. Organizations must adopt rigorous security protocols to safeguard sensitive data against exposure.

As organizations increasingly rely on logging for operational efficiency, the risk of inadvertently exposing sensitive information also grows. This vulnerability serves as a reminder for security teams to continuously assess and improve their logging practices.

For more insights into effective security measures, organizations can explore resources on vulnerability management, penetration testing methodology, and security testing best practices to enhance their security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-26495: High Vulnerability in Tableau Server