Investigator Discovers Five Zero-Day Exploits and Over Twenty Configuration Errors in Salesforce Cloud Platform
In a recent discovery, cybersecurity researcher Aaron Costello has uncovered five zero-day vulnerabilities and over 20 configuration risks in Salesforce's cloud components. The investigation focused on Salesforce's industry cloud offerings, a suite of solutions designed to enable organizations to build industry-specific applications.
AppOmni, a cybersecurity firm, warned that a single missed setting could lead to the breach of thousands of records, with no vendor accountability. Three of these vulnerabilities affecting FlexCards have been fully resolved and no longer require any action from customers.
The affected products are part of the Salesforce OmniStudio suite, including FlexCards, Integration Procedures (IProcs), Data Mappers, OmniScript Saved Sessions, Data Packs, and OmniOut. The misconfigurations identified could enable unauthorized individuals to access encrypted sensitive data, including employee and customer information, session logs, credentials, and proprietary business logic.
Two remaining vulnerabilities have not been fixed but were addressed by introducing a customer-configurable security setting. CVE-2025-43698, an improper preservation of permissions vulnerability in Salesforce FlexCards, allows bypass of field-level security controls for Salesforce objects. This can be mitigated by enabling the Omni Interaction Configuration setting, EnforceDMFLSAndDataEncryption.
Similarly, CVE-2025-43697, an improper preservation of permissions vulnerability in Data Mappers, allows exposure of encrypted data. It can be mitigated by enforcing FLS for all Data Mappers organization-wide: create a new Omni Interaction Configuration named EnforceDMFLSAndDataEncryption and set its value to true.
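Because both mitigations above depend on one org-wide setting being present and set to true, a defender will usually want to verify it programmatically across orgs rather than trust a one-time manual change. The following added example (not code from the article, AppOmni, or Salesforce) audits a query result for that setting. It assumes, as an unconfirmed convention, that the Omni Interaction Configuration records are queryable as an object named OmniInteractionConfig with DeveloperName and Value fields; the JSON response embedded below is constructed to mirror the shape of a Salesforce REST query response, and the function treats a missing record, a non-true value, and case or whitespace variations as distinct findings.

```python
import json

# The Omni Interaction Configuration setting the article names as the mitigation
# for CVE-2025-43698 (FlexCards) and CVE-2025-43697 (Data Mappers).
REQUIRED_SETTING = "EnforceDMFLSAndDataEncryption"

# Assumption (not confirmed by the article): the setting is stored in an object
# called OmniInteractionConfig with DeveloperName and Value fields, so a SOQL
# query like this one would return it, e.g. via:
#   sf data query --query "<SOQL>" --json
SOQL_QUERY = (
    "SELECT DeveloperName, Value FROM OmniInteractionConfig "
    f"WHERE DeveloperName = '{REQUIRED_SETTING}'"
)

# Constructed sample response, shaped like a Salesforce REST/CLI query result.
SAMPLE_RESPONSE_ENFORCED = json.dumps({
    "totalSize": 2,
    "done": True,
    "records": [
        {"attributes": {"type": "OmniInteractionConfig"},
         "DeveloperName": "UnrelatedSetting", "Value": "false"},
        {"attributes": {"type": "OmniInteractionConfig"},
         "DeveloperName": REQUIRED_SETTING, "Value": "true"},
    ],
})


def audit_fls_enforcement(query_response_json: str) -> dict:
    """Return an audit finding for the EnforceDMFLSAndDataEncryption setting.

    status is one of:
      ENFORCED  - record exists and its value is true
      DISABLED  - record exists but its value is not true
      MISSING   - no record with that DeveloperName (default behaviour applies)
    """
    data = json.loads(query_response_json)
    records = data.get("records", [])
    matches = [r for r in records if r.get("DeveloperName") == REQUIRED_SETTING]

    if not matches:
        return {"setting": REQUIRED_SETTING, "status": "MISSING",
                "value": None, "compliant": False}

    # Normalise the stored value: a value of "True " or "TRUE" is still true,
    # but anything else (including an empty string) is treated as not enforced.
    raw_value = matches[0].get("Value")
    normalised = "" if raw_value is None else str(raw_value).strip().lower()
    compliant = normalised == "true"
    return {"setting": REQUIRED_SETTING,
            "status": "ENFORCED" if compliant else "DISABLED",
            "value": raw_value, "compliant": compliant}


def summarise_orgs(responses_by_org: dict) -> list:
    """Audit several orgs at once and list the ones that still need attention."""
    non_compliant = []
    for org_alias, response in responses_by_org.items():
        finding = audit_fls_enforcement(response)
        if not finding["compliant"]:
            non_compliant.append((org_alias, finding["status"]))
    return non_compliant


if __name__ == "__main__":
    print(audit_fls_enforcement(SAMPLE_RESPONSE_ENFORCED))
    print(summarise_orgs({
        "prod": SAMPLE_RESPONSE_ENFORCED,
        "sandbox": json.dumps({"totalSize": 0, "done": True, "records": []}),
    }))
```

Feeding the function the output of a real query lets the same check run as part of a scheduled configuration audit; a MISSING finding is just as actionable as DISABLED, since the article's guidance is that the record must be created, not merely left at its default.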
Organizations subject to compliance mandates, such as HIPAA, SOX, GDPR, and PCI-DSS, face real regulatory exposure from these gaps. Google Cloud-owned Mandiant warned that English-speaking hackers, tracked as UNC6040 and associated with the collective known as The Com, were observed tricking companies into giving them widespread access to Data Loader, a Salesforce tool.
Fortunately, the Vlocity suite, another Salesforce industry-centric offering, is not affected. Salesforce sent an email communication to its customers on May 19, 2025, informing them of the vulnerabilities. AppOmni disclosed Costello's findings to Salesforce, which identified five issues as vulnerabilities and assigned them Common Vulnerabilities and Exposures (CVE) identifiers.
The discovery underscores the importance of vigilance and proactive security measures in the digital age. Organizations are advised to review their Salesforce configurations and implement the recommended mitigations to protect their sensitive data.