Description
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. 

This impacts OmniStudio: before Spring 2025.
Published: 2025-06-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-17657 Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data.  This impacts OmniStudio: before Spring 2025.
History

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00043}

 epss

{'score': 0.00046}

Tue, 10 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Jun 2025 11:30:00 +0000

Type Values Removed Values Added
Description Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data.  This impacts OmniStudio: before Spring 2025.
Weaknesses CWE-281
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Salesforce

Published:

Updated: 2025-06-10T15:15:24.723Z

Reserved: 2025-04-16T18:32:06.820Z

Link: CVE-2025-43700

cve-icon Vulnrichment

Updated: 2025-06-10T14:17:33.913Z

cve-icon NVD

Status : Deferred

Published: 2025-06-10T12:15:24.483

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-43700

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses