#VU112705 Improper access control in ServiceNow - CVE-2025-3648


Published: July 9, 2025


Vulnerability identifier: #VU112705
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-3648
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: ServiceNow
Software vendor: ServiceNow

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain unauthorized access to sensitive information. 


Remediation

Install updates from the vendor's website.

Note: it is unclear in which versions of ServiceNow the vulnerability was fixed.


External links