Primary

Context

Salesforce OmniStudio Improper Preservation of Permissions Vulnerability Allowing Exposure of Encrypted Data

Vulnerability

A vulnerability exists in Salesforce OmniStudio (FlexCards) due to improper preservation of permissions, which can lead to the exposure of encrypted data. This issue affects OmniStudio versions prior to Spring 2025.

Impact

Exploitation of this vulnerability could result in unauthorized access to encrypted data, potentially leading to data exposure or misuse.

Remediation

Customers are advised to review the affected components (Flexcards and Data Mappers), verify that users with data access issues have the necessary field-level security and permissions, and update user profiles or permission sets as needed to restore expected data visibility.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Salesforce OmniStudio Improper Preservation of Permissions Vulnerability Allowing Exposure of Encrypted Data

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating