CVE-2025-67750: CWE-94: Improper Control of Generation of Code ('Code Injection') in Flow-Scanner lightning-flow-scanner
CVE-2025-67750 is a high-severity code injection vulnerability in lightning-flow-scanner versions prior to 6.10.6. It arises from improper control of code generation (CWE-94): a maliciously crafted Salesforce flow metadata file can trigger arbitrary JavaScript execution during scanning. The vulnerability exploits the APIVersion rule's use of new Function() to evaluate expression strings, so attacker-controlled text is compiled and run as code. This can compromise developer machines, CI/CD runners, and editor environments that use the vulnerable tool. No authentication or user interaction beyond running the scan is required, and the flaw affects the local environment where the scanner is run. Although no exploits have been reported in the wild, the impact on confidentiality, integrity, and availability is high. The issue is fixed in version 6.10.6.
AI Analysis
Technical Summary
CVE-2025-67750 is a high-severity code injection vulnerability in the lightning-flow-scanner tool, which is used for analyzing and optimizing Salesforce Flows. The affected versions (6.10.5 and below) allow an attacker to craft malicious Salesforce flow metadata files that, when scanned, cause arbitrary JavaScript code execution on the host system. The root cause is the APIVersion rule's reliance on JavaScript's new Function() constructor to evaluate expression strings dynamically without validating them first. Because the expression text is compiled as source, attackers can embed arbitrary JavaScript within the rule configuration or the flow metadata itself. When the scanner processes such input, the injected code executes with the privileges of the user running the scanner, potentially compromising developer workstations, continuous integration (CI) runners, or integrated development environments (IDEs) such as VS Code. The vulnerability requires no authentication and no user interaction beyond the scan itself, which makes it easy to exploit wherever untrusted or externally sourced flow metadata is analyzed; the attacker's only prerequisite is getting a crafted file into the set of files the scanner reads. The CVSS v3.1 base score is 8.4, consistent with a local attack vector, low attack complexity, no privileges, no user interaction, and high impact on confidentiality, integrity, and availability. Although no exploits have been observed in the wild, the risk is significant: code execution on a CI runner or developer machine is a natural pivot into source repositories, secrets, and the rest of the development pipeline. The vendor has addressed the issue in version 6.10.6, presumably by removing or constraining the unsafe use of new Function(). Organizations using lightning-flow-scanner should upgrade immediately and review their scanning workflows to avoid processing untrusted metadata. Additional controls such as sandboxing scanning environments and monitoring for anomalous behavior during scans are advisable.
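The following is an added illustration of the CWE-94 pattern the analysis describes, not code from lightning-flow-scanner or from the advisory. The rule function shape, the ">=50"-style expression format, the already-parsed flow object, and the globalThis marker the payload sets are all assumptions made for the example; the real rule and its fix may look different. The harmless payload demonstrates why concatenating flow-controlled text into new Function() is code injection, and the hardened variant shows the shape of a fix: parse a version and an operator, never compile text.

```javascript
'use strict';

// VULNERABLE PATTERN (illustrative, not the project's code): flow-controlled
// text is concatenated into JavaScript source and compiled with new Function().
// Whatever the attacker puts in apiVersion (or in the expression) becomes code.
function apiVersionRuleUnsafe(flow, expression) {
  const src = 'return ' + flow.apiVersion + expression;
  return new Function(src)();
}

// HARDENED PATTERN: never compile text. Accept only a numeric version and a
// whitelisted comparison operator, then compare in plain JavaScript.
const VERSION_RE = /^\d{1,3}(?:\.\d{1,3})?$/;
const EXPR_RE = /^\s*(>=|<=|==|>|<)\s*(\d{1,3}(?:\.\d{1,3})?)\s*$/;

function apiVersionRuleSafe(flow, expression) {
  const version = String(flow.apiVersion ?? '');
  if (!VERSION_RE.test(version)) {
    throw new Error(`rejected apiVersion ${JSON.stringify(version)}`);
  }
  const m = EXPR_RE.exec(String(expression));
  if (!m) throw new Error(`rejected expression ${JSON.stringify(expression)}`);
  const lhs = parseFloat(version);
  const rhs = parseFloat(m[2]);
  switch (m[1]) {
    case '>=': return lhs >= rhs;
    case '<=': return lhs <= rhs;
    case '>':  return lhs > rhs;
    case '<':  return lhs < rhs;
    default:   return lhs === rhs; // '=='
  }
}

// Runs both rules over a benign and a constructed malicious flow and returns
// what happened, so the behaviour can be checked rather than just printed.
function runDemo() {
  // Marker object the payload flips; stands in for "anything Node can do".
  const marker = { pwned: false };
  globalThis.__flowScannerDemoMarker = marker;

  // Constructed flow metadata as it would look after XML parsing (assumption).
  const benign = { name: 'Order_Intake', apiVersion: '58.0' };
  // Constructed malicious flow: the comma operator runs the payload and still
  // yields a number, so the comparison "succeeds" and nothing looks wrong.
  const malicious = {
    name: 'Evil_Flow',
    apiVersion: '(globalThis.__flowScannerDemoMarker.pwned = true, 58.0)',
  };
  const expression = '>=50'; // assumed rule configuration format

  const out = {};
  out.unsafeBenign = apiVersionRuleUnsafe(benign, expression);       // true
  out.unsafeMalicious = apiVersionRuleUnsafe(malicious, expression); // true, but...
  out.markerAfterUnsafe = marker.pwned;                              // ...payload ran

  marker.pwned = false;
  out.safeBenign = apiVersionRuleSafe(benign, expression);           // true
  try {
    apiVersionRuleSafe(malicious, expression);
    out.safeMaliciousRejected = false;
  } catch (e) {
    out.safeMaliciousRejected = true;                                // input refused
  }
  out.markerAfterSafe = marker.pwned;                                // false

  delete globalThis.__flowScannerDemoMarker;
  return out;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(runDemo());
}
if (typeof module !== 'undefined') {
  module.exports = { apiVersionRuleUnsafe, apiVersionRuleSafe, runDemo };
}
```

Note that the unsafe rule reports the malicious flow as compliant: the payload runs and the check still returns true, so a scan log would show nothing unusual. The hardened version refuses the input outright instead of trying to sanitize it; for a value that is supposed to be a version number, a strict allow-list is both simpler and safer than any attempt to strip dangerous characters.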
Potential Impact
For European organizations, this vulnerability poses a significant risk to the security of development and CI/CD environments that use lightning-flow-scanner for Salesforce Flow analysis. Successful exploitation could lead to arbitrary code execution on developer machines or build servers, resulting in theft or manipulation of sensitive intellectual property, insertion of malicious code into production pipelines, or disruption of development workflows. Given the use of Salesforce in many European enterprises for CRM and business process automation, compromised development tools could indirectly impact customer data confidentiality and business operations. The vulnerability could also facilitate lateral movement within internal networks, increasing the risk of broader compromise. Organizations with automated scanning in CI pipelines are particularly exposed, as malicious flow metadata could be introduced via third-party repositories, pull requests from external contributors, or insider threats. The high CVSS score reflects the high impact on confidentiality, integrity, and availability. The absence of known exploits in the wild provides a window for proactive mitigation, but the ease of exploitation and the lack of required privileges underscore the urgency of patching and risk management.
Mitigation Recommendations
1. Immediately upgrade lightning-flow-scanner to version 6.10.6 or later to apply the official fix.
2. Implement strict validation and sanitization of all Salesforce flow metadata files before scanning, especially those sourced from external or untrusted repositories.
3. Isolate scanning environments by running the scanner within sandboxed or containerized environments with minimal privileges to limit potential damage from code execution.
4. Integrate runtime monitoring and alerting for anomalous behavior during scanning processes, such as unexpected network connections or file system changes.
5. Review and restrict access to CI/CD runners and developer machines to trusted personnel only, and enforce the principle of least privilege.
6. Conduct regular security audits of development tools and dependencies to identify and remediate similar risks proactively.
7. Educate developers and DevOps teams about the risks of processing untrusted metadata and the importance of using updated tools.
8. Consider implementing code signing or integrity verification mechanisms for flow metadata files to prevent tampering.
9. Maintain an inventory of all instances of lightning-flow-scanner usage across the organization to ensure comprehensive patching and risk assessment.
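As an added example for the upgrade and inventory steps above (not part of the advisory or the project), the script below walks a package-lock.json object and flags every copy of the affected package whose version is below the fixed release. Only the package name and the 6.10.6 threshold come from the advisory; the lockfile handling (nested "dependencies" for lockfile v1, flat "packages" for v2/v3), the numeric version comparison, and the sample lock are assumptions and constructed data. It covers project-locked copies only; globally installed copies of the CLI plugin or the editor extension need to be inventoried separately.

```javascript
'use strict';

const AFFECTED_PACKAGE = 'lightning-flow-scanner'; // name as given in the advisory
const FIXED_VERSION = '6.10.6';                    // first fixed release per advisory

// Numeric major.minor.patch comparison. Pre-release/build suffixes are dropped,
// an assumption that is adequate for triage. A plain string compare would be
// wrong here: '6.9.9' sorts after '6.10.6' lexically but is older.
function compareVersions(a, b) {
  const parts = (v) => v.replace(/^v/, '').split(/[-+]/)[0].split('.').map(Number);
  const pa = parts(a), pb = parts(b);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

function finding(path, version) {
  return { path, version, vulnerable: compareVersions(version, FIXED_VERSION) < 0 };
}

// Returns one finding per installed copy of the affected package.
function auditLock(lock) {
  const findings = [];
  if (lock.packages) {
    // lockfileVersion 2/3: "packages" keyed by install path, e.g. "node_modules/foo"
    // or "node_modules/foo/node_modules/bar"; the root entry has key "".
    for (const [path, entry] of Object.entries(lock.packages)) {
      const name = entry.name || path.split('node_modules/').pop();
      if (name === AFFECTED_PACKAGE && entry.version) findings.push(finding(path, entry.version));
    }
    return findings;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === AFFECTED_PACKAGE && entry.version) findings.push(finding(path, entry.version));
      walk(entry.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return findings;
}

// Constructed sample lock (not a real project): one top-level vulnerable copy
// and one patched copy nested under another package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'ci-tooling', version: '1.0.0' },
    'node_modules/lightning-flow-scanner': { version: '6.10.5' },
    'node_modules/some-wrapper': { version: '2.1.0' },
    'node_modules/some-wrapper/node_modules/lightning-flow-scanner': { version: '6.10.6' },
  },
};

function demo() {
  return auditLock(SAMPLE_LOCK);
}

if (typeof require !== 'undefined' && require.main === module) {
  // Real use: auditLock(JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8')))
  for (const f of demo()) {
    console.log(`${f.vulnerable ? 'VULNERABLE' : 'ok        '} ${f.version}  ${f.path}`);
  }
}
if (typeof module !== 'undefined') {
  module.exports = { compareVersions, auditLock, demo, AFFECTED_PACKAGE, FIXED_VERSION };
}
```

Nested copies matter: a wrapper or plugin that pins its own older lightning-flow-scanner keeps the vulnerable code on the machine even after the top-level dependency is upgraded, so the audit reports every install path rather than just the first one it finds.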
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Belgium, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-11T20:30:54.927Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 693c7a77b31a4aba68228b0e
Added to database: 12/12/2025, 8:26:31 PM
Last enriched: 12/19/2025, 9:42:06 PM
Last updated: 2/7/2026, 12:51:15 AM
Related Threats
- CVE-2026-25762: CWE-400: Uncontrolled Resource Consumption in adonisjs core (High)
- CVE-2026-25754: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in adonisjs core (High)
- CVE-2026-25644: CWE-295: Improper Certificate Validation in datahub-project datahub (High)
- CVE-2026-25804: CWE-287: Improper Authentication in antrea-io antrea (High)
- CVE-2026-25803: CWE-798: Use of Hard-coded Credentials in denpiligrim 3dp-manager (Critical)