CVE-2025-64320

6.5 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious code into the LLM prompting system of the Salesforce Agentforce Vibes Extension (a prompt injection). When exploited, it could lead to unauthorized actions or data exposure. All users of Salesforce Agentforce Vibes Extension versions before 3.2.0 are affected.

💻 Affected Systems

Products:
  • Salesforce Agentforce Vibes Extension
Versions: All versions before 3.2.0
Operating Systems: Any OS running Salesforce Agentforce
Default Config Vulnerable: ⚠️ Yes
Notes: This affects the LLM prompting functionality within the Agentforce Vibes Extension specifically.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Salesforce instance, allowing attackers to execute arbitrary code, access sensitive customer data, and potentially pivot to other systems.

🟠 Likely Case

Limited code execution within the Salesforce environment, potentially allowing data exfiltration or manipulation of business processes.

🟢 If Mitigated

Proper input validation and output encoding would prevent the vulnerability from being exploited.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of LLM prompt injection techniques and access to the vulnerable interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.0

Vendor Advisory: https://help.salesforce.com/s/articleView?id=005228032&type=1

Restart Required: No

Instructions:

1. Log into the Salesforce Admin console.
2. Navigate to AppExchange packages.
3. Locate the Agentforce Vibes Extension.
4. Upgrade to version 3.2.0 or later.
5. Verify that the update completed successfully.

🔧 Temporary Workarounds

Disable LLM Features (all)

Temporarily disable the LLM prompting functionality in the Agentforce Vibes Extension.

Restrict User Access (all)

Limit access to the Agentforce Vibes Extension to only essential users.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all LLM prompt inputs
  • Monitor logs for unusual LLM prompt patterns or unexpected code execution attempts

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Agentforce Vibes Extension in Salesforce Setup > Installed Packages

Check Version:

Not applicable - check via Salesforce Admin interface

Verify Fix Applied:

Confirm version is 3.2.0 or higher in Salesforce Setup > Installed Packages

📡 Detection & Monitoring

Log Indicators:

  • Unusual LLM prompt patterns
  • Unexpected code execution in Salesforce logs
  • Multiple failed prompt attempts

Network Indicators:

  • Unusual API calls to Salesforce LLM endpoints
  • Suspicious data exfiltration patterns

SIEM Query:

source="salesforce" AND (event_type="llm_prompt" OR event_type="code_execution") AND status="unusual"
