CVE-2025-64320
In short
The Salesforce Agentforce Vibes Extension fails to properly filter user input before sending it to an AI language model, allowing attackers to inject malicious code or commands that the AI may execute.
Technical detail
CWE-1427 describes improper neutralization of LLM prompt inputs; an unauthenticated or low-privilege attacker can supply crafted input that bypasses validation, leading to prompt injection and potential code execution through the AI model in Agentforce Vibes Extension versions before 3.2.0.
Summary generated and translated by AI from the official description.
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection. This issue affects Agentforce Vibes Extension: before 3.2.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected products
Salesforce · Agentforce Vibes Extension