Worrying ServiceNow security flaw could let hackers steal private table data

Avast cybersecurity
(Image credit: Avast)

  • A mishap in ServiceNow access control lists meant users could be granted access without meeting all the conditions
  • New controls were added to mitigate the risk
  • Users are advised to review their tables and ACLs

A flaw in ServiceNow could have allowed threat actors to exfiltrate sensitive data from other users’ tables without them ever knowing, security experts have warned.

The flaw, tracked as CVE-2025-3648 and given a severity score of 8.2/10 (high), was dubbed “Count(er) Strike”, and was spotted by security researchers at Varonis.

According to Varonis, the bug stems from faulty Access Control Lists (ACLs), which are used to restrict access to data within the tables. Each ACL evaluates four conditions when deciding whether or not a user should be granted access to a given resource. For a single ACL to grant access, all four of its conditions need to be satisfied, but if a resource is protected by multiple ACLs, the tool falls back to an “allow if” condition: passing any one of those ACLs is enough.

Updating the systems

This means that if the user satisfied just one ACL, they would be given (sometimes full) access.

"Each resource or table in ServiceNow can have numerous ACLs, each defining different conditions for access," Varonis said in its report.

"However, if a user passes just one ACL, they gain access to the resource, even if other ACLs might not grant access. If there is no ACL present for the resource, access will default to the default access property which is set to deny in most cases."

According to BleepingComputer, the bug has since been squashed, as ServiceNow introduced a number of new features, including a “Deny Unless ACL”.

The new control requires users to pass all ACLs before being granted access. All ServiceNow users are advised to manually review their tables and modify ACLs to ensure they are not overly permissive.
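To make the difference concrete, here is a small added model (not code from Varonis or ServiceNow) of the two evaluation rules the article contrasts: “allow if”, where one fully passing ACL on a resource is enough, and “deny unless”, where every ACL on the resource must pass. The four condition names, the sample table and the users are constructed assumptions, not ServiceNow’s real field names.

```python
"""Simplified model of multi-ACL evaluation (constructed example, not
ServiceNow's engine). Contrasts 'allow if' (ANY ACL passes -> access) with
'deny unless' (EVERY ACL must pass -> access)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class User:                      # assumed shape: roles plus free-form attributes
    name: str
    roles: set
    attributes: Dict[str, str] = field(default_factory=dict)


@dataclass
class ACL:
    """One ACL: all four of its conditions must hold for this ACL to pass.
    Condition names are a hypothetical simplification of the four checks
    the article mentions."""
    name: str
    conditions: Dict[str, Callable[[User], bool]]

    def passes(self, user: User) -> bool:
        return all(check(user) for check in self.conditions.values())


def allow_if(acls: List[ACL], user: User, default_allow: bool = False) -> bool:
    """'Allow if': one fully passing ACL grants access; no ACLs -> default."""
    if not acls:
        return default_allow
    return any(acl.passes(user) for acl in acls)


def deny_unless(acls: List[ACL], user: User, default_allow: bool = False) -> bool:
    """'Deny unless': every ACL must pass; no ACLs -> default (deny here)."""
    if not acls:
        return default_allow
    return all(acl.passes(user) for acl in acls)


# Constructed sample: a sensitive table guarded by a strict ACL and a lax one.
STRICT = ACL("hr_table.strict", {
    "roles": lambda u: "hr_admin" in u.roles,
    "security_attribute": lambda u: u.attributes.get("clearance") == "high",
    "data_condition": lambda u: u.attributes.get("department") == "HR",
    "script": lambda u: u.attributes.get("mfa") == "yes"})
LAX = ACL("hr_table.lax", {            # a broadly held role and no other checks
    "roles": lambda u: "itil" in u.roles, "security_attribute": lambda u: True,
    "data_condition": lambda u: True, "script": lambda u: True})
HR_TABLE_ACLS = [STRICT, LAX]


def evaluate(user: User) -> Dict[str, bool]:
    """Outcome of both rules for the sample table; shows the over-grant."""
    return {"allow_if": allow_if(HR_TABLE_ACLS, user),
            "deny_unless": deny_unless(HR_TABLE_ACLS, user)}
```

A user holding only the broad role passes the lax ACL and is granted access under “allow if”, but is refused under “deny unless” because the strict ACL fails.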

ServiceNow is a cloud-based platform that helps organizations automate and manage IT services, workflows, and business processes, and counts more than 8,400 companies as customers, including the majority of Fortune 500 businesses.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.