CVE-2025-64321 | THREATINT

Description

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.

PUBLISHED Reserved 2025-10-30 | Published 2025-11-04 | Updated 2025-11-05 | Assigner Salesforce

Problem types

CWE-1427 Improper Neutralization of Input Used for LLM Prompting

Product status

Default status

unaffected

Any version before 3.2.0

affected

References

help.salesforce.com/s/articleView?id=005228032&type=1

cve.org (CVE-2025-64321)

nvd.nist.gov (CVE-2025-64321)

Download JSON