Broken Access Control in ServiceNow AI Platform
CVE-2025-3089

5.3MEDIUM

Key Information:

Vendor: Servicenow
Status: Servicenow Ai Platform
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-3089?

A Broken Access Control vulnerability in the ServiceNow AI Platform may enable low privileged users to bypass established access controls, allowing them to perform actions typically reserved for higher privileged users. This could result in unauthorized modifications of sensitive data. ServiceNow has released patches and updates to mitigate this issue for both hosted and self-hosted customers, as well as partners.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ServiceNow AI Platform Aspen

References

https://support.servicenow.com/kb?id=kb_article_view&sysp...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 1, 2025

Credit

Doukani Mohammed Adam

JSON

Servicenow

What is CVE-2025-3089?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.