Cybersecurity experts have uncovered a critical vulnerability called ForcedLeak affecting Salesforce Agentforce, which could allow attackers to exfiltrate sensitive CRM data through prompt injection attacks. Salesforce has responded by applying patches and enforcing a Trusted URL allowlist to reduce this threat. #Salesforce #ForcedLeak
Keypoints
- A critical flaw named ForcedLeak affects Salesforce Agentforce impacting AI-driven CRM functionalities.
- The vulnerability enables attackers to exfiltrate sensitive data via indirect prompt injection through Web-to-Lead forms.
- Attacks leverage malicious input in the Description field to execute unauthorized commands and leak data.
- Salesforce has patched the issue by banning output to untrusted URLs and enforcing a URL allowlist.
- Organizations should audit lead data, validate inputs, and sanitize external data sources to prevent prompt injection attacks.
Read More: https://thehackernews.com/2025/09/salesforce-patches-critical-forcedleak.html