Loading
Salesforce から送信されるメールは、承認済ドメインからのみとなります続きを読む

Omnistudio Issue 2025 - Datamapper and Flexcard

公開日: Jul 9, 2025
説明

AppOmni, a Salesforce research partner, recently discovered CVEs 2025-43698, 2025-43700, 2025-43701, 2025-43699 and 2025-43697, which impact the Flexcard and Data Mapper components of Omnistudio (for both Core and managed packages). 

 

Datamapper CVE: 

 

CVE-2025-43697: Improper Preservation of Permissions vulnerability in Salesforce OmniStudio’s DataMapper feature allows exposure of encrypted data. This impacts OmniStudio versions prior to Spring ‘25. CVSS 3.1 Scoring Link Base Score 7.5 (High) 

 

Flexcard CVEs:

 

CVE-2025-43698: Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field-level security controls for Salesforce objects. This impacts OmniStudio versions prior to Spring ‘25. CVSS 3.1 Scoring Link Base Score: 7.5  (High)

 

CVE-2025-43699: Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field-level security controls for OmniUICard objects. This impacts OmniStudio versions prior to Spring ‘25. CVSS 3.1 Scoring Link Base Score: 5.3 (Medium)

 

CVE-2025-43700: Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio versions prior to Spring ‘25. CVSS 3.1 Scoring Link Base Score: 7.5  (High)

 

CVE-2025-43701: Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio versions prior to Spring ‘25. CVSS 3.1 Scoring Link Base Score: 7.5  (High)

解決策

Customers should:

  • Review the affected components (Flexcards and Data Mappers).

  • Verify that users experiencing data access issues have the required FLS and permissions.

  • Update user profiles or permission sets accordingly to restore expected data visibility.

ナレッジ記事番号

004980323

 
読み込み中
Salesforce Help | Article