Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection

Joseph K
Sep 24
1 min read

Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt injection.

The vulnerability has been codenamed ForcedLeak (CVSS score: 9.4) by Noma Security, which discovered and reported the problem on July 28, 2025. It impacts any organization using Salesforce Agentforce with the Web-to-Lead functionality enabled.

https://thehackernews.com/2025/09/salesforce-patches-critical-forcedleak.html

Comments

The $35 Billion System Used By Salesforce And The Founders Who Sold To Them

Oct 29

Salesforce Executive Urges Companies to Adapt AI Strategies for Future Relevance

Oct 28

Salesforce India debuts Agentforce Life Sciences to drive customer engagement and alleviate doctor burnout

Oct 28

Facing an Uproar, Salesforce CEO Marc Benioff Showed Why He’s an Effective Leader

Oct 28

Salesforce Dreams Of The Agentic Enterprise

Oct 28

Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection

Comments

Recent Posts

The $35 Billion System Used By Salesforce And The Founders Who Sold To Them

Salesforce Executive Urges Companies to Adapt AI Strategies for Future Relevance

Salesforce India debuts Agentforce Life Sciences to drive customer engagement and alleviate doctor burnout

Facing an Uproar, Salesforce CEO Marc Benioff Showed Why He’s an Effective Leader

Salesforce Dreams Of The Agentic Enterprise

Search By Tags

Get In Touch

Headquarters

Seoul Office