Impact
The vulnerability in Salesforce Uni2TS is an improper-control-of-code-generation flaw, that is, a code injection weakness (CWE-94). An attacker who can influence the data the application processes can cause it to generate or execute code from input that was never intended to be treated as executable. The result is arbitrary code execution in the context of the application, which can lead to full compromise of the affected host, including data theft or destruction and use of the host as a pivot point for further attacks.
Affected Systems
The vulnerability affects all Salesforce Uni2TS versions up to and including 1.2.0, on macOS, Windows, and Linux. Any deployment running an affected release is susceptible until it is upgraded past the vulnerable version.
Risk and Exploitability
The flaw carries a CVSS base score of 9.8, which falls in the Critical range. Its EPSS score indicates a very low current probability of exploitation (under 1 percent), and it is not listed in the CISA KEV catalog at the time of writing. Note that a low EPSS score reflects observed exploitation activity, not ease of exploitation, so it should not on its own be used to deprioritize an upgrade. The attack vector, as described, relies on introducing malicious content into files that the application processes and then causing that content to be executed as code. Exploitation therefore requires the attacker to supply, or gain control over, files that the application loads; where an application exposes such a path, whether locally or through a managed input channel, the critical severity and the confirmed code-generation weakness make this a substantial threat.