Critical Salesforce Flaws Allow Remote Code Execution – Patch Immediately!
gbhackersSalesforce has disclosed a series of critical security vulnerabilities in its Tableau Server platform that could allow attackers to execute remote code and gain unauthorized access to production databases.
The vulnerabilities, announced on June 26, 2025, affect multiple versions of Tableau Server and carry CVSS scores ranging from 8.0 to 8.5, indicating severe security risks that require immediate attention.
Critical Salesforce Flaws
Salesforce sent urgent notifications to all active Tableau Server portal administrators and security contacts regarding eight critical vulnerabilities addressed in the June Maintenance Release.
The company is strongly advising all Tableau Server customers to upgrade to the most recent supported version immediately to mitigate these security risks.
| CVE ID | Vulnerability Type | CVSS Score | Affected Component |
| CVE-2025-52446 | Authorization Bypass | 8.0 | tab-doc api modules |
| CVE-2025-52447 | Authorization Bypass | 8.0 | set-initial-sql tabdoc command modules |
| CVE-2025-52448 | Authorization Bypass | 8.0 | validate-initial-sql api modules |
| CVE-2025-52449 | Unrestricted File Upload (RCE) | 8 ... |
Copyright of this story solely belongs to gbhackers . To see the full text click HERE