PT-2025-39170 · Salesforce · Salesforce CLI
Crispr Xiang · Published 2025-09-23 · Updated 2025-09-25 · CVE-2025-9844
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Salesforce CLI versions prior to 2.106.6
Description
A flaw exists in the Salesforce CLI on Windows that allows for malicious DLL injection due to an uncontrolled search path element. This can lead to the replacement of trusted executables.
Recommendations
Update Salesforce CLI to version 2.106.6 or later.
Fix
RCE
Uncontrolled Search Path Element
Affected Products
Salesforce CLI