{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T03:54:56.430","vulnerabilities":[{"cve":{"id":"CVE-2025-52449","sourceIdentifier":"security@salesforce.com","published":"2025-07-25T19:15:40.743","lastModified":"2025-10-31T19:23:27.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19."},{"lang":"es","value":"La vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en Salesforce Tableau Server para Windows y Linux (módulos de Servicio de Protocolo Extensible) permite la ejecución alternativa debido a nombres de archivo engañosos (RCE). Este problema afecta a Tableau Server: versiones anteriores a 2025.1.3, 2024.2.12 y 2023.3.19."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.8}]},"weaknesses":[{"source":"security@salesforce.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2023.3.19","matchCriteriaId":"19541292-4BD4-4BD5-AA68-3836ECC1EBE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.2","versionEndExcluding":"2024.2.12","matchCriteriaId":"4AC0483E-569A-497C-BB94-D129FACC17D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1","versionEndExcluding":"2025.1.3","matchCriteriaId":"1E78711C-389B-4E20-9623-8B0CF6BBCAC8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://help.salesforce.com/s/articleView?id=005105043&type=1","source":"security@salesforce.com","tags":["Vendor Advisory"]}]}}]}