CVE-2025-43699

Medium

Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of required permission…

Salesforce·CWE-602·Published 2025-06-10

CVSS

5.3

EPSS

0.00

KEV

Exploits

cve.orgen

188 chars

Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of required permission check. This impacts OmniStudio: before Spring 2025

NVDen

188 chars

Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of required permission check. This impacts OmniStudio: before Spring 2025

NVDes

226 chars

La vulnerabilidad de conservación incorrecta de permisos en Salesforce OmniStudio (FlexCards) permite eludir los controles de seguridad de campo para objetos OmniUICard. Esto afecta a OmniStudio: antes de la primavera de 2025.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N