Salesforce Industry Cloud Hit by 20 Vulnerabilities Including 0days
AppOmni research reveals over 20 security vulnerabilities, including zero-days, in the Salesforce Industry Cloud. Learn about critical risks, customer responsibilities, and how to protect sensitive data.
A recent investigation by security research firm AppOmni has brought to light more than twenty security weaknesses within Salesforce's Industry Cloud products. These findings, shared with Hackread.com, include several critical, previously unknown vulnerabilities, known as zero-days, which have been given a high-risk rating.
The research, led by AppOmni’s Chief of SaaS Security Research, Aaron Costello, highlights how simple setup mistakes by users can expose sensitive information and lead to serious security problems.
Salesforce Industry Clouds are designed to help businesses in areas like healthcare, finance, and telecommunications build custom solutions quickly, even without deep technical skills. This low-code approach makes development fast, but it also means users have a responsibility to set up the platform securely.
Costello’s research revealed that basic settings and common but unsafe practices could allow unauthorized access to encrypted data, enable session stealing, and expose login details and business information.
Five of the critical vulnerabilities have been assigned CVEs (Common Vulnerabilities and Exposures), with three already fixed and two needing action from customers to resolve. Sixteen other setup risks remain the customer’s responsibility to fix.
**Understanding the Risks**
The security problems found affect important parts of Salesforce, such as FlexCards, Data Mappers, and Integration Procedures. These components are used to handle and display data within the platform. For example, some issues found could allow people without the right permissions to see encrypted data or bypass security checks.
This means sensitive information like names, addresses, financial records, and even healthcare data could be at risk. Attackers could also steal login information, potentially gaining access to other company systems.
Specifically, five serious vulnerabilities (CVE-2025-43697, CVE-2025-43698, CVE-2025-43699, CVE-2025-43700, and CVE-2025-43701) were identified in FlexCards and Data Mappers. Four of these are rated as high severity.
One vulnerability, CVE-2025-43697, found in Data Mapper, could expose encrypted information if not handled properly. The FlexCard vulnerabilities include issues where field-level security can be ignored (CVE-2025-43698), required permissions can be bypassed (CVE-2025-43699), encrypted data can be viewed by unauthorized users (CVE-2025-43700), and custom settings data can be exposed (CVE-2025-43701).
**Customer Action is Key**
Approximately a quarter of AppOmni’s customers use Salesforce Industry Clouds, highlighting the widespread impact of these findings. It’s crucial for organizations using these services to review and secure their configurations immediately.
Salesforce has worked with AppOmni to address these issues. While Salesforce has provided fixes for some issues, many of the identified risks require customers to make specific changes to their settings. This approach is vital to prevent attackers from exploiting these weaknesses. AppOmni has also released tools to help customers detect these misconfigurations in their Salesforce Industry Cloud setups.
Aaron Costello, chief of SaaS Security Research at AppOmni, emphasized the need for better security practices in SaaS applications, noting that misconfigured SaaS apps are a significant yet often overlooked risk.
“My research highlights how simple misconfigurations can create serious risks, not just within Industry Cloud but across an organization’s entire Salesforce environment. By understanding these risks and applying best practices, companies can fully leverage Industry Cloud’s capabilities without exposing themselves to unnecessary threats,” Costello noted.