CVE-2025-43701: CWE-281 Improper Preservation of Permissions in Salesforce OmniStudio

High
Tags: Vulnerability, CVE-2025-43701, cve, cve-2025-43701, cwe-281
Published: Tue Jun 10 2025 (06/10/2025, 11:21:57 UTC)
Source: CVE Database V5
Vendor/Project: Salesforce
Product: OmniStudio

Description

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254.

AI-Powered Analysis

AI analysis last updated: 07/11/2025, 00:33:31 UTC

Technical Analysis

CVE-2025-43701 is a high-severity vulnerability identified in Salesforce OmniStudio, specifically affecting the FlexCards component prior to version 254. The vulnerability is categorized under CWE-281, Improper Preservation of Permissions. In this context, it means that the system fails to correctly enforce or maintain access controls when handling Custom Settings data within OmniStudio, so users who should not be able to read that data can access it. The vulnerability has a CVSS 3.1 base score of 7.5, indicating a high level of risk. The vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) shows that the vulnerability can be exploited remotely over the network without requiring any privileges or user interaction, and that it results in a high impact on confidentiality but no impact on integrity or availability. Since Salesforce OmniStudio is a low-code development platform used to build customer-facing applications and workflows, exposure of Custom Settings data could leak configuration details, business logic parameters, or other sensitive information that could be leveraged for further attacks or data breaches. No known exploits are currently reported in the wild, but the ease of exploitation and the sensitivity of the data exposed make this a significant threat. The lack of available patches at the time of reporting increases the urgency for organizations to apply updates once available or to implement compensating controls in the meantime.

Potential Impact

For European organizations using Salesforce OmniStudio, this vulnerability poses a significant risk to the confidentiality of sensitive business data. Exposure of Custom Settings could reveal internal configurations, API keys, or business logic parameters that attackers might use to escalate privileges, conduct targeted attacks, or exfiltrate further data. Given the widespread adoption of Salesforce products across various sectors in Europe, including finance, healthcare, and public services, the breach of such data could lead to regulatory non-compliance under GDPR, reputational damage, and financial losses. The fact that exploitation requires no authentication or user interaction increases the risk of automated scanning and exploitation attempts. Organizations relying on OmniStudio for customer engagement or internal workflows may face operational risks if attackers leverage the exposed data to craft sophisticated attacks or social engineering campaigns. Additionally, the exposure of sensitive configuration data could undermine trust in digital services and complicate incident response efforts.

Mitigation Recommendations

European organizations should prioritize upgrading Salesforce OmniStudio to version 254 or later as soon as the patch becomes available. Until then, they should implement strict network-level access controls to limit exposure of OmniStudio interfaces to trusted IP ranges and internal networks only. Monitoring and logging access to OmniStudio FlexCards and Custom Settings data should be enhanced to detect any anomalous or unauthorized access attempts. Organizations should conduct thorough audits of Custom Settings data to identify and minimize sensitive information stored there, applying the principle of least privilege. Additionally, implementing Web Application Firewalls (WAFs) with custom rules to detect and block suspicious requests targeting OmniStudio endpoints can provide a temporary protective layer. Security teams should also review and tighten Salesforce user permissions and roles to reduce the attack surface. Finally, organizations should prepare incident response plans specific to Salesforce environments to quickly address any potential exploitation.

Technical Details

Data Version: 5.1
Assigner Short Name: Salesforce
Date Reserved: 2025-04-16T18:32:06.820Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68487f551b0bd07c3938a340

Added to database: 6/10/2025, 6:54:13 PM

Last enriched: 7/11/2025, 12:33:31 AM

Last updated: 8/14/2025, 11:37:40 AM
