CVE-2025-3648

A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer instance data that is not intended to be accessible to them. To assist customers in enhancing access controls, ServiceNow has introduced additional access control frameworks in Xanadu and Yokohama, such as Query ACLs, Security Data Filters and Deny-Unless ACLs. Additionally, in May 2025, ServiceNow delivered to customers a security update that is designed to enhance customer ACL configurations. Customers, please review the KB Articles in the References section.

CVSS

No CVSS.

References

Link	Resource
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2046494
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2139567
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2256712

Configurations

No configuration.

History

08 Jul 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-08 16:15

Updated : 2025-07-08 17:15

NVD link : CVE-2025-3648

Mitre link : CVE-2025-3648

CVE.ORG link : CVE-2025-3648

JSON object : View

Products Affected

No product.

CWE

CWE-1220

Insufficient Granularity of Access Control

{"id": "CVE-2025-3648", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@servicenow.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-08T16:15:57.280", "references": [{"url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2046494", "source": "psirt@servicenow.com"}, {"url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2139567", "source": "psirt@servicenow.com"}, {"url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2256712", "source": "psirt@servicenow.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@servicenow.com", "description": [{"lang": "en", "value": "CWE-1220"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer instance data that is not intended to be accessible to them.\n\nTo assist customers in enhancing access controls, ServiceNow has introduced additional access control frameworks in Xanadu and Yokohama, such as Query ACLs, Security Data Filters and Deny-Unless ACLs.\n\nAdditionally, in May 2025, ServiceNow delivered to customers a security update that is designed to enhance customer ACL configurations.\n\nCustomers, please review the KB Articles in the References section."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Now Platform que podr\u00eda provocar la inferencia de datos sin autorizaci\u00f3n. Bajo ciertas configuraciones de listas de control de acceso condicional (ACL), esta vulnerabilidad podr\u00eda permitir que usuarios, tanto autenticados como no autenticados, utilicen solicitudes de consulta de rango para inferir datos de instancias a los que no deber\u00edan tener acceso. Para ayudar a los clientes a mejorar los controles de acceso, ServiceNow ha introducido marcos de control de acceso adicionales en Xanadu y Yokohama, como las ACL de consulta, los filtros de datos de seguridad y las ACL de denegaci\u00f3n. Adem\u00e1s, en mayo de 2025, ServiceNow entreg\u00f3 a sus clientes una actualizaci\u00f3n de seguridad dise\u00f1ada para mejorar las configuraciones de las ACL. Consulten los art\u00edculos de la base de conocimientos en la secci\u00f3n de Referencias."}], "lastModified": "2025-07-08T17:15:34.267", "sourceIdentifier": "psirt@servicenow.com"}