Improper Permissions Handling in Salesforce OmniStudio - FlexCards
CVE-2025-43699

5.3MEDIUM

Key Information:

Vendor: Salesforce
Status: Omnistudio
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-43699?

The vulnerability in Salesforce OmniStudio's FlexCards component enables unauthorized users to bypass field-level security controls for OmniUICard objects. This flaw can lead to exposure of sensitive data as it undermines the intended security measures in place, affecting the integrity of user permissions. Organizations using OmniStudio prior to Spring 2025 should prioritize addressing this issue to safeguard against potential data breaches and maintain compliance with security protocols.

Affected Version(s)

OmniStudio 0

References

https://help.salesforce.com/s/articleView?id=004980323&ty...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 16, 2025