CVE-2025-43699

CVE-2025-43699

Vendor Salesforce
Product OmniStudio
Weakness CWE-602 · Client-side enforcement
Published June 10, 2025
Last update June 18, 2025

CVSS base score

What the vulnerability does

01Description

Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of required permission check.  This impacts OmniStudio: before Spring 2025

Key dates

02Disclosure timeline

June 10, 2025 CVE published
June 18, 2025 Record updated