CyberHappenings logo

Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

ForcedLeak Vulnerability in Salesforce Agentforce Exploited via AI Prompt Injection

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A critical vulnerability, dubbed ForcedLeak (CVSS score: 9.4), affects Salesforce Agentforce, allowing attackers to exfiltrate sensitive CRM data through indirect prompt injection. The flaw was disclosed by Noma Security and patched by Salesforce. The vulnerability leveraged an expired Salesforce-related domain to transmit stolen data. The attack involved submitting a malicious Web-to-Lead form, processing it with AI, querying CRM for sensitive data, and transmitting it to the attacker-controlled domain. Salesforce has since mitigated the issue by re-securing the domain and enforcing a URL allowlist mechanism. Users are advised to audit existing lead data, enforce Trusted URLs, and implement strict input validation.

Timeline

  1. 25.09.2025 18:17 1 articles · 0h ago

    ForcedLeak Vulnerability in Salesforce Agentforce Exploited via AI Prompt Injection

    A critical vulnerability, ForcedLeak (CVSS score: 9.4), was discovered in Salesforce Agentforce, allowing attackers to exfiltrate sensitive CRM data through indirect prompt injection. The flaw was disclosed by Noma Security on July 28, 2025, and patched by Salesforce. The attack involved submitting a malicious Web-to-Lead form, processing it with AI, querying CRM for sensitive data, and transmitting it to an attacker-controlled domain. Salesforce has mitigated the issue by re-securing the domain and enforcing a URL allowlist mechanism. Users are advised to audit existing lead data, enforce Trusted URLs, and implement strict input validation.

    Show sources

Information Snippets