Broken Access Control in ServiceNow AI Platform
CVE-2025-3089

5.3MEDIUM

Key Information:

Vendor: Servicenow
Status: Servicenow Ai Platform
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-3089?

A Broken Access Control vulnerability in the ServiceNow AI Platform may enable low privileged users to bypass established access controls, allowing them to perform actions typically reserved for higher privileged users. This could result in unauthorized modifications of sensitive data. ServiceNow has released patches and updates to mitigate this issue for both hosted and self-hosted customers, as well as partners.

Affected Version(s)

ServiceNow AI Platform Aspen

References

https://support.servicenow.com/kb?id=kb_article_view&sysp...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 1, 2025

Credit

Doukani Mohammed Adam

Servicenow

What is CVE-2025-3089?

Affected Version(s)

References

CVSS V4

Timeline

Credit