CVE-2025-9844
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-23
Last updated on: 2025-09-24
Assigner: Salesforce, Inc.
Description
Description
Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.This issue affects Salesforce CLI: before 2.106.6.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| salesforce | salesforce_cli | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Uncontrolled Search Path Element issue in the Salesforce CLI on Windows. It allows an attacker to replace a trusted executable by exploiting the way the CLI searches for executables, potentially leading to execution of malicious code.
How can this vulnerability impact me? :
This vulnerability can have a severe impact by allowing an attacker to execute arbitrary code with elevated privileges, leading to complete compromise of confidentiality, integrity, and availability of the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70