CVE-2025-64320

Medium CVSS: 6.5

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0.

Vendor

Salesforce

Product

Agentforce Vibes

CWE

CWE-94

Yayın Tarihi

2025-11-04 19:17:11

Güncelleme

2026-02-04 19:54:35

Source Identifier

security@salesforce.com

KEV Date Added

Kategoriler

CWE-94 Agentforce Vibes MEDIUM Salesforce 2025

Referanslar

https://help.salesforce.com/s/articleView?id=005228032&type=1

Benzer Kayıtlar

Critical

CVE-2026-22583

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing…

Critical

CVE-2026-22585

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, For…

Critical

CVE-2026-22586

Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Pr…

Critical

CVE-2026-22582

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing…

Critical

CVE-2026-22584

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux al…

Medium

CVE-2025-64318

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allow…