Vulnerability Details CVE-2025-26495
Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.6%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-26495
-
cpe:2.3:a:tableau:tableau_server:2020.4
-
cpe:2.3:a:tableau:tableau_server:2020.4.1
-
cpe:2.3:a:tableau:tableau_server:2020.4.10
-
cpe:2.3:a:tableau:tableau_server:2020.4.11
-
cpe:2.3:a:tableau:tableau_server:2020.4.12
-
cpe:2.3:a:tableau:tableau_server:2020.4.13
-
cpe:2.3:a:tableau:tableau_server:2020.4.14
-
cpe:2.3:a:tableau:tableau_server:2020.4.15
-
cpe:2.3:a:tableau:tableau_server:2020.4.16
-
cpe:2.3:a:tableau:tableau_server:2020.4.17
-
cpe:2.3:a:tableau:tableau_server:2020.4.2
-
cpe:2.3:a:tableau:tableau_server:2020.4.3
-
cpe:2.3:a:tableau:tableau_server:2020.4.4
-
cpe:2.3:a:tableau:tableau_server:2020.4.5
-
cpe:2.3:a:tableau:tableau_server:2020.4.6
-
cpe:2.3:a:tableau:tableau_server:2020.4.7
-
cpe:2.3:a:tableau:tableau_server:2020.4.8
-
cpe:2.3:a:tableau:tableau_server:2020.4.9
-
cpe:2.3:a:tableau:tableau_server:2021.1
-
cpe:2.3:a:tableau:tableau_server:2021.1.1
-
cpe:2.3:a:tableau:tableau_server:2021.1.10
-
cpe:2.3:a:tableau:tableau_server:2021.1.11
-
cpe:2.3:a:tableau:tableau_server:2021.1.12
-
cpe:2.3:a:tableau:tableau_server:2021.1.13
-
cpe:2.3:a:tableau:tableau_server:2021.1.14
-
cpe:2.3:a:tableau:tableau_server:2021.1.15
-
cpe:2.3:a:tableau:tableau_server:2021.1.2
-
cpe:2.3:a:tableau:tableau_server:2021.1.3
-
cpe:2.3:a:tableau:tableau_server:2021.1.4
-
cpe:2.3:a:tableau:tableau_server:2021.1.5
-
cpe:2.3:a:tableau:tableau_server:2021.1.6
-
cpe:2.3:a:tableau:tableau_server:2021.1.7
-
cpe:2.3:a:tableau:tableau_server:2021.1.8
-
cpe:2.3:a:tableau:tableau_server:2021.1.9
-
cpe:2.3:a:tableau:tableau_server:2021.2
-
cpe:2.3:a:tableau:tableau_server:2021.2.1
-
cpe:2.3:a:tableau:tableau_server:2021.2.10
-
cpe:2.3:a:tableau:tableau_server:2021.2.11
-
cpe:2.3:a:tableau:tableau_server:2021.2.12
-
cpe:2.3:a:tableau:tableau_server:2021.2.13
-
cpe:2.3:a:tableau:tableau_server:2021.2.2
-
cpe:2.3:a:tableau:tableau_server:2021.2.3
-
cpe:2.3:a:tableau:tableau_server:2021.2.4
-
cpe:2.3:a:tableau:tableau_server:2021.2.5
-
cpe:2.3:a:tableau:tableau_server:2021.2.6
-
cpe:2.3:a:tableau:tableau_server:2021.2.7
-
cpe:2.3:a:tableau:tableau_server:2021.2.8
-
cpe:2.3:a:tableau:tableau_server:2021.2.9
-
cpe:2.3:a:tableau:tableau_server:2021.3
-
cpe:2.3:a:tableau:tableau_server:2021.3.1
-
cpe:2.3:a:tableau:tableau_server:2021.3.10
-
cpe:2.3:a:tableau:tableau_server:2021.3.11
-
cpe:2.3:a:tableau:tableau_server:2021.3.12
-
cpe:2.3:a:tableau:tableau_server:2021.3.2
-
cpe:2.3:a:tableau:tableau_server:2021.3.3
-
cpe:2.3:a:tableau:tableau_server:2021.3.4
-
cpe:2.3:a:tableau:tableau_server:2021.3.5
-
cpe:2.3:a:tableau:tableau_server:2021.3.6
-
cpe:2.3:a:tableau:tableau_server:2021.3.7
-
cpe:2.3:a:tableau:tableau_server:2021.3.8
-
cpe:2.3:a:tableau:tableau_server:2021.3.9
-
cpe:2.3:a:tableau:tableau_server:2021.4
-
cpe:2.3:a:tableau:tableau_server:2021.4.1
-
cpe:2.3:a:tableau:tableau_server:2021.4.2
-
cpe:2.3:a:tableau:tableau_server:2021.4.3
-
cpe:2.3:a:tableau:tableau_server:2021.4.4
-
cpe:2.3:a:tableau:tableau_server:2021.4.5
-
cpe:2.3:a:tableau:tableau_server:2021.4.6
-
cpe:2.3:a:tableau:tableau_server:2021.4.7
-
cpe:2.3:a:tableau:tableau_server:2022.1
-
cpe:2.3:a:tableau:tableau_server:2022.1.1
-
cpe:2.3:a:tableau:tableau_server:2022.1.2