CVE-2025-3089

12.08.2025, 16:15

ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform a limited set of actions typically reserved for higher privileged users, potentially leading to unauthorized data modifications.This issue is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
SN	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-639 - Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Vulnerability Media Exposure

[GERMAN] ServiceNow Now Platform (AI Platform): Schwachstelle ermöglicht Umgehung von Sicherheitsmechanismen
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in ServiceNow Now Platform (AI Platform) ausnutzen, um Sicherheitsmechanismen zu umgehen.
Published: 2025-08-12T22:00:00+00:00

References

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2264930