{"data":{"id":"b6ef0487-c407-42cb-a974-4c376c32279f","title":"CVE-2025-64320: Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection","summary":"CVE-2025-64320 is a code injection vulnerability in the Salesforce Agentforce Vibes Extension. The extension does not properly filter user input before sending it to an LLM (large language model), which allows attackers to inject malicious code. The vulnerability affects versions of the extension before 3.2.0.","solution":"Update Salesforce Agentforce Vibes Extension to version 3.2.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-64320","publishedAt":"2025-11-04T19:17:11.693Z","cveId":"CVE-2025-64320","cweIds":["CWE-94"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Salesforce","Salesforce Agentforce"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00073,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}