CVE-2025-43701

HIGH

Salesforce OmniStudio <254 - Info Disclosure

Title source: llm

Description

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254.

References (1)

[Various Sources] https://help.salesforce.com/s/articleView?id=004980323&type=1

Scores

CVSS v3 7.5

EPSS 0.0008

EPSS Percentile 23.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-281

Status draft

Timeline

Published Jun 10, 2025

Tracked Since Feb 18, 2026