CVE-2025-3648

Description

A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer instance data that is not intended to be accessible to them. To assist customers in enhancing access controls, ServiceNow has introduced additional access control frameworks in Xanadu and Yokohama, such as Query ACLs, Security Data Filters and Deny-Unless ACLs. Additionally, in May 2025, ServiceNow delivered to customers a security update that is designed to enhance customer ACL configurations. Customers, please review the KB Articles in the References section.

Weakness Type (CWE)

CWE-1220 CWE-1220

References

Other References

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2046494 https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2139567 https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2256712

Frequently Asked Questions

What is CVE-2025-3648? +

A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer instance data that is not intended to be accessible to them. To assist customers in enhancing access controls, ServiceNow has introduced additional access control frameworks in Xanadu and Yokohama, such as Query ACLs, Security Data Filters and Deny-Unless ACLs. Additionally, in May 2025, ServiceNow delivered to customers a security update that is designed to enhance customer ACL configurations. Customers, please review the KB Articles in the References section.

How do I check if I'm vulnerable to CVE-2025-3648? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-21962

Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially …

CVE-2025-31201 9.8

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS …

CVE-2026-6356 9.6

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through …

CVE-2025-4404 9.1

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate …

CVE-2025-8053 9.1

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could …

CVE-2025-7493 9.1

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where …