CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2025-43701: Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts...
Description
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data.
This impacts OmniStudio: before version 254.
Classification
CVE ID: CVE-2025-43701
Problem Types
CWE-281 Improper Preservation of PermissionsAffected Products
Vendor: Salesforce
Product: OmniStudio
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 12.51% (scored less or equal to compared to others)
EPSS Date: 2025-06-20 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: true
References
https://nvd.nist.gov/vuln/detail/CVE-2025-43701https://help.salesforce.com/s/articleView?id=004980323&type=1