Code Injection Vulnerability in Salesforce Agentforce Vibes Extension
CVE-2025-64320
Currently unrated
What is CVE-2025-64320?
The Agentforce Vibes Extension for Salesforce has a vulnerability that allows for code injection due to improper handling of user inputs intended for LLM prompting. This can lead to unauthorized execution of arbitrary code and potential data breaches. It is crucial for users of versions prior to 3.2.0 to update their software to mitigate risks associated with this vulnerability.
Affected Version(s)
Agentforce Vibes Extension 0 < 3.2.0