Salesforce warns customers of attacks targeting misconfigured Experience Cloud sites

Salesforce has warned customers that threat actors are actively targeting publicly accessible websites built on its Experience Cloud platform when guest user permissions are misconfigured, potentially exposing sensitive data to unauthorized access.


The company, a U.S.-based provider of cloud customer relationship management (CRM) software, issued the guidance after identifying attacks against the /s/sfsites/aura API endpoint on Experience Cloud instances whose guest users had been granted broader permissions than intended. In that configuration, anonymous visitors can query Salesforce CRM data through the endpoint without authenticating.


Salesforce stated that the activity does not stem from a vulnerability in the platform itself but from customer configurations that allow guest profiles to access more information than necessary.


“It is important to note that Salesforce remains secure, and this issue is not due to any vulnerability inherent to our platform. Our investigation to date confirms that this activity relates to a customer-configured guest user setting, not a platform security flaw,” the company said in its advisory.


Experience Cloud sites commonly use guest user profiles to let anonymous visitors view information that is meant to be public. Because the Aura endpoint answers any visitor, the guest profile's permissions are the only control on what an unauthenticated request can read; when those profiles grant more than intended, attackers can query Salesforce CRM objects directly through the public endpoint.


Investigations found that attackers are deploying a modified version of AuraInspector, an open-source auditing tool originally developed by Mandiant to help administrators detect access control misconfigurations in the Salesforce Aura framework. The altered version is being used to scan large numbers of Experience Cloud sites for exposed data.


Mandiant, a cybersecurity firm that provides incident response and threat intelligence services, confirmed that threat actors are misusing the tool to automate scanning across Salesforce environments.


“We are aware of a threat actor attempting to facilitate intrusions by misusing the AuraInspector open-source tool to automate vulnerability scans across Salesforce environments,” said Charles Carmakal, chief technology officer at Mandiant Consulting. “We are working closely with Salesforce and our customers to provide the necessary telemetry and detection rules to mitigate potential risk.”


Salesforce noted that detecting scanning activity in system logs does not necessarily indicate that a system has been compromised.


The extortion group known as ShinyHunters has claimed responsibility for a wave of data theft operations targeting Experience Cloud sites. The group stated that it began exploiting insecure guest access configurations in September 2025 and located vulnerable systems by scanning the internet for the /s/sfsites/ endpoint associated with Salesforce Aura applications.


The attackers claimed to have compromised about 100 high-profile companies, including organizations in the cybersecurity sector, and put the total number of affected organizations at between 300 and 400.


According to Salesforce, the attackers initially exploited the ability to query records through the company's GraphQL API, which normally returns at most 2,000 records per query. The threat actors, for their part, described using a query parameter named sortBy to bypass that limit before Salesforce addressed the issue.


After AuraInspector was released in January to help administrators detect configuration problems, the attackers said they modified the tool to expand reconnaissance capabilities and conduct large-scale scans of public-facing Experience Cloud environments. Salesforce confirmed that the modified tool has been used to conduct mass scanning of exposed sites.


The threat actors also developed a separate data exfiltration tool that presents the user agent string “Anthropic/RapeForceV2.01.39 (AGENTIC)” when retrieving information from affected systems. A user agent is attacker-controlled and trivially changed, so the string identifies this particular tool in historical logs rather than serving as a durable detection on its own.


Salesforce stated that customers can reduce exposure by auditing guest user permissions and applying the principle of least privilege. The company emphasized that the most significant defensive step is disabling guest access to public APIs and removing the “API Enabled” setting from guest profiles.


Additional defensive measures include setting external access defaults to private, disabling portal and site user visibility to prevent enumeration of internal users, and turning off self-registration features unless they are necessary.
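As an added illustration of the baseline above (example code written for this article, not Salesforce tooling), the following Python audits a summary of a site's guest profile against those settings and shows the corrected configuration beside the weak one. The record layout, the allowlist of public objects and the profile values are constructed assumptions, not a Salesforce schema or real data.

```python
from dataclasses import dataclass

# Objects the example site may legitimately expose to anonymous visitors.
# Assumed allowlist; every site defines its own.
PUBLIC_OBJECTS = {"Knowledge__kav", "Idea"}

# External org-wide defaults that let guest users see records broadly.
PERMISSIVE_SHARING = {"Public Read Only", "Public Read/Write"}


@dataclass
class GuestProfile:
    """Constructed summary of a site guest profile; field names are
    assumptions, not Salesforce metadata names."""
    name: str
    api_enabled: bool             # "API Enabled" on the guest profile
    object_read: dict             # object API name -> read allowed?
    external_sharing: dict        # object API name -> external OWD
    self_registration: bool       # site allows self-registration
    portal_user_visibility: bool  # Portal/Site User Visibility on?


def audit_guest_profile(profile):
    """Return finding codes; an empty list means the profile matches the
    least-privilege baseline described above."""
    findings = []
    if profile.api_enabled:
        findings.append("API_ENABLED_ON_GUEST")
    for obj, readable in sorted(profile.object_read.items()):
        if readable and obj not in PUBLIC_OBJECTS:
            findings.append(f"GUEST_READ:{obj}")
    for obj, owd in sorted(profile.external_sharing.items()):
        if owd in PERMISSIVE_SHARING:
            findings.append(f"EXTERNAL_OWD_NOT_PRIVATE:{obj}")
    if profile.portal_user_visibility:
        findings.append("PORTAL_USER_VISIBILITY_ON")
    if profile.self_registration:
        findings.append("SELF_REGISTRATION_ON")
    return findings


def harden(profile):
    """The corrected configuration: API access off, object read limited
    to the allowlist, external defaults private, enumeration and
    self-registration features off."""
    return GuestProfile(
        name=profile.name,
        api_enabled=False,
        object_read={o: r and o in PUBLIC_OBJECTS
                     for o, r in profile.object_read.items()},
        external_sharing={o: "Private" for o in profile.external_sharing},
        self_registration=False,
        portal_user_visibility=False,
    )


# Constructed example of a misconfigured site guest profile (not real data).
WEAK_PROFILE = GuestProfile(
    name="Example Site Guest User",
    api_enabled=True,
    object_read={"Contact": True, "Case": True, "Knowledge__kav": True},
    external_sharing={"Contact": "Public Read Only", "Case": "Private",
                      "Knowledge__kav": "Public Read Only"},
    self_registration=True,
    portal_user_visibility=True,
)

if __name__ == "__main__":
    for code in audit_guest_profile(WEAK_PROFILE):
        print("finding:", code)
    print("after hardening:", audit_guest_profile(harden(WEAK_PROFILE)))
```

Once the external defaults are private, record access for the allowlisted objects is granted through guest user sharing rules rather than by reopening the org-wide default, so the audit stays clean while the public content remains reachable.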


Salesforce also urged administrators to review Aura Event Monitoring logs for unusual access patterns, unfamiliar IP addresses, or queries involving objects that should not be publicly accessible. Organizations are advised to designate a security contact so alerts about potential threats can reach the appropriate personnel quickly.
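An added example of the log review Salesforce recommends, written for this article rather than taken from Salesforce or Mandiant: it runs a few detection rules over constructed Aura request log lines. The only value taken from the article is the exfiltration tool's user agent string; the tab-separated layout, the sensitive-object list, the known network range and the burst threshold are assumptions a site operator would replace with its own Event Monitoring fields and values.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

AURA_PATH = "/s/sfsites/aura"
# User agent of the exfiltration tool named in the article.
KNOWN_TOOL_UA = "Anthropic/RapeForceV2.01.39 (AGENTIC)"
# Objects an anonymous (guest) session should never touch. Assumed list.
SENSITIVE_OBJECTS = {"Contact", "Lead", "Case", "User", "Account"}
# Address ranges the operator recognises (assumed: office egress).
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
BURST_THRESHOLD = 50            # requests per window, assumed
BURST_WINDOW = timedelta(minutes=1)


def parse_line(line):
    """Constructed layout: timestamp, client IP, user type, URI,
    user agent, comma-separated entities queried. Not the real schema."""
    ts, ip, user_type, uri, ua, entities = line.rstrip("\n").split("\t")
    return {
        "ts": datetime.fromisoformat(ts),
        "ip": ipaddress.ip_address(ip),
        "user_type": user_type,
        "uri": uri,
        "ua": ua,
        "entities": set(filter(None, entities.split(","))),
    }


def bursty(stamps):
    """True if BURST_THRESHOLD or more requests fall inside one window."""
    stamps = sorted(stamps)
    start = 0
    for end, t in enumerate(stamps):
        while t - stamps[start] > BURST_WINDOW:
            start += 1
        if end - start + 1 >= BURST_THRESHOLD:
            return True
    return False


def analyse(lines):
    """Return a sorted list of (finding, detail) tuples for guest traffic
    to the Aura endpoint."""
    findings = defaultdict(set)   # ip -> {(finding, detail)}
    stamps = defaultdict(list)    # ip -> request timestamps
    for line in lines:
        ev = parse_line(line)
        if ev["user_type"] != "Guest" or not ev["uri"].startswith(AURA_PATH):
            continue
        ip = ev["ip"]
        stamps[ip].append(ev["ts"])
        if ev["ua"] == KNOWN_TOOL_UA:
            findings[ip].add(("KNOWN_TOOL_UA", str(ip)))
        for obj in ev["entities"] & SENSITIVE_OBJECTS:
            findings[ip].add(("GUEST_SENSITIVE_OBJECT", f"{ip}:{obj}"))
    for ip, ts in stamps.items():
        if bursty(ts):
            findings[ip].add(("BURST", str(ip)))
    # Public sites see unfamiliar addresses all day; report one only when
    # it has already triggered another rule.
    for ip in list(findings):
        if not any(ip in net for net in KNOWN_NETWORKS):
            findings[ip].add(("UNFAMILIAR_IP", str(ip)))
    return sorted(f for fs in findings.values() for f in fs)


def sample_lines():
    """Constructed log lines, not real telemetry: one scanning host, a
    known-network visitor, an authenticated user and a plain page view."""
    base = datetime(2025, 10, 1, 10, 0, 0)
    lines = []
    for i in range(60):
        lines.append("\t".join([(base + timedelta(seconds=i)).isoformat(),
                                "198.51.100.7", "Guest", AURA_PATH,
                                KNOWN_TOOL_UA, "Contact,Account"]))
    lines.append("\t".join([base.isoformat(), "203.0.113.5", "Guest",
                            AURA_PATH, "Mozilla/5.0", "Knowledge__kav"]))
    lines.append("\t".join([base.isoformat(), "192.0.2.9", "Standard",
                            AURA_PATH, "Mozilla/5.0", "Contact"]))
    lines.append("\t".join([base.isoformat(), "192.0.2.20", "Guest",
                            "/s/", "Mozilla/5.0", ""]))
    return lines


if __name__ == "__main__":
    for finding, detail in analyse(sample_lines()):
        print(finding, detail)
```

The sensitive-object rule is the one worth tuning first: a guest session reading Contact or User through the Aura endpoint is a finding regardless of volume or source, whereas the burst and user agent rules only catch the noisy or unmodified version of the tooling.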


The ShinyHunters group has also claimed to have discovered additional techniques that allow data extraction from Aura instances even when they are properly configured. Salesforce stated that its investigation continues and maintains that the platform itself does not contain a security vulnerability related to the reported activity.


© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543