CVE for a vulnerability impacting Salesforce CLI - CVE-2025-9844

Publish Date: Sep 23, 2025
Description

The Salesforce-CLI installer (sf-x64.exe) is vulnerable to arbitrary code execution, privilege escalation, and SYSTEM-level access. This vulnerability arises from improper handling of the executable file path, especially when combined with social engineering tactics.

Affected Versions: Salesforce-CLI versions prior to 2.106.6 are impacted.

This vulnerability affects only those customers who downloaded the software from an untrusted source, rather than directly from the official Salesforce site. Untrusted downloads may contain a malicious file in the local directory, which could be executed instead of the legitimate files in the specified file path.

Resolution

If you downloaded salesforce-cli from an untrusted source, scan your local system for malware or suspicious activity.
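
A triage sketch built on the two facts this advisory gives, the fixed version 2.106.6 and the installer name sf-x64.exe; it is an added example, not Salesforce code. It assumes the `@salesforce/cli/<version>` banner printed by `sf --version`; the extension list and function names are illustrative choices, and the sample banners and folder are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 106, 6)        # advisory: versions prior to 2.106.6 are impacted
INSTALLER = "sf-x64.exe"   # installer file name given in the advisory
# Assumption (not from the advisory): file types worth reviewing when found
# in the same folder as the installer.
REVIEW_EXT = {".exe", ".dll", ".com", ".bat", ".cmd", ".ps1", ".msi"}


def parse_cli_version(banner):
    """Return (major, minor, patch) from the output of `sf --version`."""
    m = re.search(r"@salesforce/cli/(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(banner):
    """True when the reported CLI version is older than the fixed release."""
    return parse_cli_version(banner) < FIXED


def files_beside_installer(folder):
    """List reviewable files that sit next to the installer in `folder`."""
    return sorted(
        p.name for p in Path(folder).iterdir()
        if p.is_file()
        and p.suffix.lower() in REVIEW_EXT
        and p.name.lower() != INSTALLER
    )


def constructed_demo():
    """Build a throwaway download folder (constructed sample) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in (INSTALLER, "helper.DLL", "readme.txt", "setup.cmd"):
            (Path(tmp) / name).write_bytes(b"")
        return files_beside_installer(tmp)


if __name__ == "__main__":
    # Constructed banners in the format printed by `sf --version`.
    for banner in ("@salesforce/cli/2.105.9 win32-x64 node-v22.0.0",
                   "@salesforce/cli/2.106.6 win32-x64 node-v22.0.0"):
        print(banner.split()[0], "affected:", is_affected(banner))
    print("review these files:", constructed_demo())
```

An installed CLI can update itself, so the reported version does not prove which installer was run. The folder listing is a pointer for review, not a verdict on any file.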

Knowledge Article Number

005224301