At Salesforce, trust is our #1 value. We understand that our customers' success depends on the security of their data. That's why, in addition to our ongoing internal security assessments, we continuously invest in rigorous security research through external initiatives, leading to continued proactive product improvements. Today, we're sharing insights from a recent collaboration, offering a closer look at how we're working to protect your Salesforce environment.
Spotlight on innovation: Our partnership in security research
To gain deeper insight into our platform's security, we collaborate with research-driven teams like AppOmni, a provider of SaaS security solutions. This initiative combined AppOmni's specialized research insights with Salesforce's deep platform expertise, providing a valuable external perspective. Through a focused security evaluation of our OmniStudio product, AppOmni identified opportunities to strengthen configurations. In partnership, we conducted a comprehensive review to assess the relevance of those findings, and Salesforce successfully implemented improvements tailored to the environment.
Investing in your security: Product improvements now available
Complementing our ongoing internal security audits, this research provided an additional layer of insight, directly informing our ongoing investment in fundamental product improvements. By incorporating AppOmni's findings, our engineering teams further refined and enhanced the security and reliability of OmniStudio. These improvements are now available to customers:
- Enhanced data masking for encrypted fields: AppOmni's research uncovered a specific issue involving OmniStudio FlexCards and the ComponentController Apex class where, under certain configurations, encrypted data could potentially be displayed in plaintext to users who did not hold the 'View Encrypted Data' permission. In response to this finding, we have implemented robust enhancements to ensure that encrypted data is consistently and correctly masked for all users. Viewing this data requires an explicit grant of the 'View Encrypted Data' permission, ensuring access is intentional and auditable. This proactive improvement significantly strengthens the confidentiality and integrity of your sensitive data within OmniStudio. For the published CVE, please refer to CVE-2025-43700.
- Strengthened protection for custom settings from guest users: Under specific configurations of FlexCard SOQL data sources, or through the ComponentController Apex class, Guest Users could potentially bypass existing platform-level security measures designed to prevent access to Custom Settings. Since Custom Settings often contain sensitive information, this presented a risk of unintended information disclosure to unauthenticated users. We promptly addressed this by reinforcing the security mechanisms within OmniStudio. Guest Users are now consistently prevented from accessing Custom Settings values, thereby safeguarding your sensitive data stored in those settings from unauthorized access. For the published CVE, please refer to CVE-2025-43701.
- SOQL data source circumvents field-level security: The SOQL data source within FlexCards bypassed standard Salesforce Field-Level Security (FLS) during data retrieval. Consequently, users could gain access to field values even without explicit FLS permissions, potentially leading to the disclosure of sensitive information to unintended parties. This circumvention of a fundamental security control is especially concerning when considered alongside other potential vulnerabilities, such as access control bypasses and the exposure of encrypted data. We have addressed this by ensuring the SOQL data source now respects and enforces Field-Level Security, thereby preventing unauthorized access to sensitive fields and strengthening data protection within OmniStudio. For the published CVE, please refer to CVE-2025-43698.
- Unintended plaintext exposure via data mappers: AppOmni's research identified that 'Extract' and 'Turbo Extract' Data Mappers could inadvertently expose plaintext values of Classic Encrypted fields without requiring the user executing the DataMapper to hold the 'View Encrypted Data' permission. This circumvented the intended access controls for encrypted data and occurred by default unless a specific configuration setting was enabled to prevent it. We have addressed this by ensuring DataMappers now respect the 'View Encrypted Data' permission, and we are also reinforcing the importance of enabling FLS checks. For the published CVE, please refer to CVE-2025-43697.
- Enhanced permission validation for FlexCards: AppOmni identified that the 'Required Permission' field, intended to restrict access to certain OmniStudio FlexCards, performed its validation client-side. This meant that while the permission check was effective when FlexCards were executed through the user interface, it could be bypassed if a FlexCard was invoked directly (e.g., via an API or background process), potentially allowing unauthorized users to gain access to sensitive data. We have addressed this by implementing robust server-side permission validation for the 'Required Permission' field. This ensures consistent and secure access control, preventing unauthorized execution of restricted FlexCards and protecting sensitive information regardless of how the FlexCard is invoked. For the published CVE, please refer to CVE-2025-43699.
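As an added illustration of the two server-side controls described above (FLS enforcement on a SOQL data source, and a 'Required Permission' check that holds no matter how a card is invoked), here is an Apex data provider written for this post; it is not OmniStudio's code, and the class name, the custom permission API name View_Sensitive_Card, and the Contact fields are assumptions.

```apex
// Added example (not OmniStudio's code): a server-side data provider that
// validates a required custom permission and applies Field-Level Security
// before any record reaches the client component. Names are assumptions.
public with sharing class SecureCardDataProvider {

    // Assumed custom permission API name standing in for a card's
    // 'Required Permission' value.
    private static final String REQUIRED_PERMISSION = 'View_Sensitive_Card';

    @AuraEnabled(cacheable=true)
    public static List<Contact> getContacts(String accountId) {
        // Server-side check: evaluated for UI, API and background callers alike,
        // so a client that skips the UI cannot skip the check.
        if (!FeatureManagement.checkPermission(REQUIRED_PERMISSION)) {
            throw new AuraHandledException(
                'Missing required permission: ' + REQUIRED_PERMISSION);
        }

        // 'with sharing' applies record-level sharing; FLS is applied below.
        List<Contact> rows = [
            SELECT Id, Name, Email, Phone
            FROM Contact
            WHERE AccountId = :accountId
        ];

        // Enforce FLS on the result: fields the running user cannot read are
        // removed from every record rather than returned in plaintext.
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);

        // Optional audit signal: which fields were withheld for this user.
        System.debug(decision.getRemovedFields());
        return (List<Contact>) decision.getRecords();
    }
}
```

Querying WITH USER_MODE is an equivalent alternative that fails the whole query with a QueryException when any selected field is unreadable, which is stricter but less forgiving for a card that should still render its accessible fields.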
Looking ahead: Our ongoing commitment to your security
We are always nurturing a variety of research perspectives through initiatives like our Bug Bounty program and other collaborative partnerships to ensure Salesforce maintains the highest standards of platform security. We believe that industry participation through transparent insights helps build trusted relationships with our customers, and we look forward to sharing more with our security community.