securRecent revelations have highlighted multiple security vulnerabilities within Salesforce’s industry clouds, with research from AppOmni uncovering over 20 critical security issues. These vulnerabilities pose significant threats to the sensitive data of numerous organizations worldwide. Particularly alarming is the exposure of zero-day vulnerabilities in Salesforce’s industry-specific cloud suite, which is instrumental for sectors such as finance, healthcare, government, and telecommunications. This situation underscores the importance of prioritizing security measures for cloud-based services to prevent unauthorized data access and potential breaches.
Identified Weaknesses and Potential Data Exposure
Security Flaws in Salesforce’s Core Features
AppOmni’s investigation has brought to light vulnerabilities in the core features of Salesforce’s industry clouds, which could potentially lead to the exposure of sensitive information. This includes personal details like names, email addresses, home addresses, financial records, and healthcare data. Furthermore, there is a notable risk of login credentials being compromised, opening the door to unauthorized access to various systems within organizations. Aaron Costello, Chief of SaaS Security Research at AppOmni, identified critical vulnerabilities that arise from misconfigurations and default settings. These vulnerabilities allow nefarious actors to bypass access controls, decrypt sensitive data, exploit caching mechanisms for information leaks, and steal session data and API tokens. Such lapses indicate systemic security weaknesses that necessitate immediate attention and resolution by affected organizations. Salesforce has taken initial steps by issuing five Common Vulnerabilities and Exposures (CVEs). Of these, the company has released patches to address three vulnerabilities and has provided guidance to mitigate the remaining two.
Misconfigurations and Default Setting Risks
The discovery of 16 configuration-related issues further complicates the situation, requiring immediate intervention from customers to rectify the problems. Key vulnerabilities with significant implications revolve around Salesforce components known as FlexCards and Data Mappers. These components are integral to data management within Salesforce’s infrastructure but present severe security risks due to their current configurations. For instance, CVE-2025-43697 pertains to Data Mapper’s ‘Extract’ and ‘Turbo Extract’ actions, which default to not enforcing field-level security, risking unauthorized data retrieval by non-permitted users.
Similarly, CVE-2025-43698 involves the FlexCard’s SOQL data source, which fails to uphold field-level security, exposing all fields on returned records. Other related CVEs point to scenarios where permissions on FlexCards are bypassed, encryption checks are inconsistent, sensitive values are accessible to guest users, and default configurations pose data leaks to uncredentialed access. These findings highlight the necessity for organizations to rigorously review and enhance their security measures within the Salesforce environment.
Consequences and Mitigation Approaches
Industry-Wide Impact and Organizational Responsibilities
The implications of these vulnerabilities are widespread, as approximately 25% of Salesforce industry cloud customers are at risk of inadvertently exposing sensitive data. This situation underscores the vulnerability of thousands of companies globally, cutting across a wide array of industries from different sectors. The pervasive nature of these vulnerabilities means that organizations of various sizes are vulnerable, potentially threatening compliance, trust, and operational integrity. Aaron Costello stresses the significant risks posed by low-code platforms like Salesforce Industry Cloud, which are designed for ease of application development but may inadvertently harbor security flaws if security is not emphasized. To address these concerns, organizations must identify and address misconfigurations immediately, ensuring industry clouds are used to their full potential without compromising data security. Strategic steps include applying Salesforce patches regularly, enhancing sharing rules, enforcing stricter field-level access controls, and hardening components by ensuring robust permissions. Failure to do so could lead to serious compliance breaches and legal liabilities, particularly in highly regulated sectors such as finance and healthcare.
Proactive Solutions and Industry Recommendations
In response to the findings, AppOmni has released more than 20 automated tools to help organizations detect and rectify risky Salesforce configurations. By aligning with the highlighted security issues, these tools empower security and platform teams to proactively mitigate potential vulnerabilities. Salesforce has also issued advisories and resources to support organizations in addressing and mitigating the reported vulnerabilities.
For comprehensive security, companies are urged to review and, if necessary, overhaul their current configurations to align with the provided advisories and guidelines. This proactive approach is critical to safeguarding sensitive information and reinforcing the security stature of critical SaaS platforms. As these measures are adapted, organizations can better protect themselves from evolving security threats and maintain trust with their stakeholders.
Moving Towards Enhanced SaaS Security
Recent disclosures have brought to light numerous security vulnerabilities within Salesforce’s industry clouds, with research from AppOmni identifying more than 20 key security issues. These security flaws present substantial risks to the sensitive information of countless organizations worldwide. Particularly concerning is the exposure of zero-day vulnerabilities within Salesforce’s industry-focused cloud suite, which serves major sectors such as finance, healthcare, government, and telecommunications. The existence of zero-day vulnerabilities suggests that there are undiscovered flaws that attackers could exploit before developers can address them. Given the critical nature of these sectors, unauthorized data access and potential breaches could have far-reaching consequences. This situation emphatically highlights the urgent need for enhancing security protocols and implementing stringent protective measures specifically for cloud-based services. Doing so is crucial to safeguard sensitive information and maintain the trust of the industries relying on these technological solutions.