Vulnerability Description
ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform a limited set of actions typically reserved for higher privileged users, potentially leading to unauthorized data modifications. This issue is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-3089?
CVE-2025-3089 is a documented vulnerability. ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and per...
How severe is CVE-2025-3089?
CVSS scoring is not yet available for CVE-2025-3089. Check NVD for updates.
Is there a patch for CVE-2025-3089?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.