Broken Access Control in ServiceNow AI Platform_CVE-2025-3089

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Description

ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform a limited set of actions typically reserved for higher privileged users, potentially leading to unauthorized data modifications. This issue is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners.

Basic Information

ID CVE-2025-3089

Source SN

Published Aug 12, 2025 at 16:06

Modified Aug 12, 2025 at 18:17

Affected Product

Vendor ServiceNow

Product ServiceNow AI Platform

Version Aspen

Affected Versions ServiceNow ServiceNow AI Platform Aspen
ServiceNow ServiceNow AI Platform Aspen
ServiceNow ServiceNow AI Platform Aspen
ServiceNow ServiceNow AI Platform Aspen
ServiceNow ServiceNow AI Platform Aspen
ServiceNow ServiceNow AI Platform Aspen

CWE Classification

CWE-639

References

support.servicenow.com /kb

{
    "lastseen": "",
    "description": "ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform a limited set of actions typically reserved for higher privileged users, potentially leading to unauthorized data modifications.\u00a0This issue is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners.",
    "published": "2025-08-12T16:06:39.883Z",
    "modified": "2025-08-12T18:17:15.832Z",
    "type": "cve",
    "title": "Broken Access Control in ServiceNow AI Platform",
    "source": "SN",
    "references": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2264930",
    "id": "CVE-2025-3089",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "ServiceNow ServiceNow AI Platform Aspen\nServiceNow ServiceNow AI Platform Aspen\nServiceNow ServiceNow AI Platform Aspen\nServiceNow ServiceNow AI Platform Aspen\nServiceNow ServiceNow AI Platform Aspen\nServiceNow ServiceNow AI Platform Aspen",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ServiceNow AI Platform",
    "version": "Aspen",
    "vendor": "ServiceNow",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}