A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer instance data that is not intended to be accessible to them.
This vulnerability has been assigned a CVSS score of 8.2, classifying it as high severity. Organizations using the Now Platform should prioritize patching immediately to mitigate potential risks associated with unauthorized data inference.
Risk to organizations includes exposure of sensitive data which could lead to privacy violations and regulatory penalties. With no known exploits at this time, the urgency for patching remains high to prevent future exploitation.
In May 2025, ServiceNow delivered a security update designed to enhance customer ACL configurations. Customers are advised to review the knowledge base articles related to this issue for further information.
Organizations should consider implementing the additional access control frameworks introduced by ServiceNow, such as Query ACLs, Security Data Filters, and Deny-Unless ACLs, to strengthen their data protection strategies.
Vulnerability Details
The vulnerability allows data inference due to improper ACL configurations. The CVSS vector indicates that the attack surface is network-based with low complexity, lacking prerequisites for privileges or user interaction.
The vulnerability was published on July 8, 2025, and is classified under CWE-1220. The high confidentiality impact emphasizes the need for immediate remediation.
Technical Analysis
The root cause of this vulnerability stems from the failure to properly enforce ACLs in specific configurations. Attackers may leverage the vulnerability by issuing range query requests that allow unauthorized access to sensitive instance data.
The attack vector is network-based, and the complexity is rated as low, indicating that the vulnerability can be exploited with minimal effort. No privileges are required, and user interaction is not necessary, making it accessible to a wide range of potential attackers.
Risk & Impact Analysis
Real-world deployment risk associated with this vulnerability is significant, as it may lead to unauthorized data access across various applications running on the Now Platform. Organizations must understand that the impact extends beyond data exposure, potentially affecting customer trust and compliance with data protection regulations.
The urgency for remediation is classified as high, given the CVSS score of 8.2. Organizations should integrate this into their patch management processes and prioritize it in their security initiatives.
Signal | Status |
|---|---|
Known Exploit | No |
Public PoC | No |
Actively Exploited | No |
Ransomware Use | No |
Affected Versions
All versions prior to the vendor patch are affected by this vulnerability.
Mitigation & Remediation
Organizations should implement the security update provided by ServiceNow in May 2025 to enhance their ACL configurations and prevent unauthorized data access. For those unable to apply the patch immediately, it is recommended to review and strengthen the existing ACLs and consider the adoption of additional access control frameworks such as Query ACLs and Security Data Filters.
For a comprehensive approach to security, organizations should consider engaging in penetration testing to validate their security posture.
Detection Guidance
Organizations should monitor logs for unusual query patterns, particularly those involving range queries that may indicate attempts to exploit this vulnerability. Additionally, behavioral anomalies that deviate from normal access patterns should be flagged for further investigation.
AppSecure Threat Intelligence Insight
The emergence of this vulnerability highlights a critical need for organizations to review their access control mechanisms regularly. Implementing robust security frameworks can mitigate risks associated with unauthorized data access.
Learning from this incident, organizations should prioritize proactive security measures, including regular audits of ACL configurations and user access privileges. For more insights on enhancing your security framework, consider reading our vulnerability management program and the importance of continuous security assessments.
Organizations should also stay informed about the latest trends in threat intelligence to adapt their defenses accordingly. Resources such as our penetration testing methodology and insights into emerging threats can provide valuable guidance.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
.webp)