cbcvebase.
CVE-2025-26495
published 2025-02-11

CVE-2025-26495: Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This…

PriorityP340high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.31%
22.8th percentile
Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19.

Affected

12 ranges
VendorProductVersion rangeFixed in
salesforcetableau_server< 2022.1.32022.1.3
salesforcetableau_server< 2021.4.82021.4.8
salesforcetableau_server< 2021.3.132021.3.13
salesforcetableau_server< 2021.2.142021.2.14
salesforcetableau_server< 2021.1.162021.1.16
salesforcetableau_server< 2020.4.192020.4.19
tableautableau_server>= 2020.4 < 2020.4.192020.4.19
tableautableau_server>= 2021.1 < 2021.1.162021.1.16
tableautableau_server>= 2021.2 < 2021.2.142021.2.14
tableautableau_server>= 2021.3 < 2021.3.132021.3.13
tableautableau_server>= 2021.4 < 2021.4.82021.4.8
tableautableau_server>= 2022.1 < 2022.1.32022.1.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.