Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
Sep 25, 2025Ravie LakshmananVulnerability / AI Security Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt injection. The vulnerability has been codenamed ForcedLeak (CVSS…