Salesforce OmniStudio Improper Preservation of Permissions Vulnerability in FlexCards
Vulnerability
A vulnerability allowing the bypass of field-level security controls for Salesforce objects has been identified in Salesforce OmniStudio (FlexCards) versions prior to Spring 2025. This issue arises from improper preservation of permissions, which can lead to unauthorized access to sensitive data or functionality.
Impact
Exploitation of this vulnerability allows for the bypass of field-level security controls, potentially leading to unauthorized access to sensitive data within Salesforce objects.
Remediation
Users should review the affected components (FlexCards and Data Mappers) and verify that individuals experiencing data access issues have the necessary field-level security and permissions. User profiles or permission sets may need to be updated to restore the expected data visibility.
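The review described above can be run offline against exported permission data. The following is an added example, not part of the original advisory or any Salesforce tooling: it assumes rows shaped like the standard FieldPermissions and PermissionSetAssignment objects, and a hand-built inventory of the fields each FlexCard or Data Mapper reads. The component names, IDs and sample rows are constructed.

```python
from collections import defaultdict

# Constructed sample rows, shaped like exports of the standard
# FieldPermissions and PermissionSetAssignment objects.
FIELD_PERMISSIONS = [
    {"ParentId": "PS_SALES", "Field": "Account.Phone", "PermissionsRead": True},
    {"ParentId": "PS_SALES", "Field": "Account.AnnualRevenue", "PermissionsRead": False},
    {"ParentId": "PS_FINANCE", "Field": "Account.AnnualRevenue", "PermissionsRead": True},
]
ASSIGNMENTS = [
    {"AssigneeId": "alice", "PermissionSetId": "PS_SALES"},
    {"AssigneeId": "bob", "PermissionSetId": "PS_SALES"},
    {"AssigneeId": "bob", "PermissionSetId": "PS_FINANCE"},
]
# Hypothetical inventory (assumption): fields each component reads,
# collected by hand from the FlexCard / Data Mapper definitions.
COMPONENT_FIELDS = {
    "AccountSummaryCard": ["Account.Phone", "Account.AnnualRevenue"],
    "AccountExtract": ["Account.Phone", "Account.Rating"],
}

def readable_fields(field_permissions, assignments):
    """Map each user to the fields readable through any assigned permission set."""
    by_set = defaultdict(set)
    for row in field_permissions:
        if row["PermissionsRead"]:
            by_set[row["ParentId"]].add(row["Field"])
    by_user = defaultdict(set)
    for a in assignments:
        # Access is additive: one granting permission set is enough.
        by_user[a["AssigneeId"]] |= by_set[a["PermissionSetId"]]
    return by_user

def fls_gaps(component_fields, field_permissions, assignments):
    """Return {user: {component: [fields the user cannot read]}}."""
    by_user = readable_fields(field_permissions, assignments)
    gaps = {}
    for user in sorted({a["AssigneeId"] for a in assignments}):
        per_component = {}
        for component, fields in component_fields.items():
            missing = [f for f in fields if f not in by_user[user]]
            if missing:
                per_component[component] = missing
        if per_component:
            gaps[user] = per_component
    return gaps

if __name__ == "__main__":
    for user, comps in fls_gaps(COMPONENT_FIELDS, FIELD_PERMISSIONS, ASSIGNMENTS).items():
        print(user, comps)
```

A field with no row at all is treated as not readable, so fields that carry no field-level security setting will appear as gaps and need to be filtered out by hand. Each reported gap is a prompt to decide whether the user should see that field before any profile or permission set is changed.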
