A critical vulnerability, dubbed ForcedLeak (CVSS score: 9.4), has been identified in Salesforce Agentforce, a platform for creating AI agents. Discovered by Noma Security on July 28, 2025, this flaw allows attackers to potentially exfiltrate sensitive customer relationship management (CRM) data through indirect prompt injection. The vulnerability affects organizations using the Web-to-Lead functionality, enabling malicious instructions to be inserted into external data sources accessed by AI agents.
Noma Security highlighted that this exploit involves submitting a Web-to-Lead form with malicious content that triggers unauthorized AI commands, leading to data leaks sent to attacker-controlled domains. Salesforce has responded by securing the expired domain and implementing patches to enforce a Trusted URL allowlist, preventing malicious links. Users are advised to audit lead data for suspicious submissions, apply strict input validation, and sanitize data from untrusted sources. This incident underscores the importance of proactive AI security measures to protect sensitive data from potential breaches.
Source link
