Critical ServiceNow Platform Vulnerability Enables Data Exfiltration - cyberpress.org

cyberpress.org, archived Mar 21, 2026

By AnuPriya, July 10, 2025
Categories: Cyber Security News, Cybersecurity, Vulnerability

Cybersecurity researchers at Varonis Threat Labs have uncovered a high-severity vulnerability in ServiceNow's widely used enterprise platform that could have led to significant data exposure and theft of sensitive information, including personally identifiable information (PII), credentials, and other confidential data. The vulnerability, dubbed "Count(er) Strike," affected a platform used by 85% of Fortune 500 companies and was relatively simple to exploit, requiring only minimal access to the target instance.

Simple Exploitation Method Raises Major Security Concerns

The Count(er) Strike vulnerability exploited a flaw in the record count shown on ServiceNow list pages. That count reflected every record matching the page's query filter, so an attacker could combine enumeration techniques with query filters to infer the contents of fields in various database tables without ever being allowed to display those fields. What made the vulnerability particularly concerning was its simplicity: attackers needed only minimal access to the target tables, such as a weak user account within the instance or even a self-registered anonymous user account.

The attack worked by manipulating query parameters to filter and refine the records returned from a table, narrowing the result set to records that satisfy attacker-chosen criteria (for example, records whose sensitive field starts with a guessed prefix). The record count displayed on the page then acted as a yes/no oracle: if the count stayed non-zero, the guess was right. By repeating this for each position, attackers could systematically guess and extract a value character by character.

The vulnerability was further amplified by two platform features. ServiceNow's "dot-walking" lets a user filter on data in related tables through reference fields, so a table the attacker could query became a path to fields in tables they could not. And the platform's self-registration capability could provide anonymous users with the basic access credentials needed to run such queries at all.
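The count oracle and the character-by-character extraction described above, together with the two controls ServiceNow introduced in response (Query ACLs and Security Data Filters, described in the next section), as an added simulation that is not code from the article, from Varonis, or from ServiceNow. Everything here is constructed: the in-memory "incident" and "sys_user" records and their values are fake, the mini query language (`field=value`, `fieldSTARTSWITHvalue`, `^` as AND, dot-walked paths such as `caller_id.user_password`) is modeled on ServiceNow's encoded-query syntax but is parsed by the demo itself, and the way a Query ACL is modeled (the query is rejected) and a Security Data Filter is modeled (an extra condition ANDed onto every query) are simplifying assumptions, not statements about how the product implements them.

```python
"""Simulation of a count-based blind query attack and its mitigations.

Constructed demo only: no ServiceNow code or API is used. The functions stand
in for a list page's record count and for the sysparm_query-style filter an
attacker can put in the URL.
"""
import string

# Constructed sample data (fake values). An attacker is assumed to be able to
# query INCIDENT but not SYS_USER; incidents reference users via caller_id.
SYS_USER = {
    "u1": {"user_name": "alice", "user_password": "Summer2024!"},
    "u2": {"user_name": "bob", "user_password": "hunter2"},
}
INCIDENT = [
    {"number": "INC0010001", "short_description": "VPN down", "caller_id": SYS_USER["u1"]},
    {"number": "INC0010002", "short_description": "Printer jam", "caller_id": SYS_USER["u2"]},
    {"number": "INC0010003", "short_description": "Printer jam", "caller_id": SYS_USER["u2"]},
]

# Guess alphabet; '^' is excluded because it is the AND separator in our query syntax.
SAFE_ALPHABET = (string.ascii_letters + string.digits + string.punctuation).replace("^", "")


def _resolve(record, path):
    """Follow a dot-walked path ('caller_id.user_password') through reference fields."""
    cur = record
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def _term_field(term):
    """Field (possibly dot-walked) that a single query term filters on."""
    return term.split("STARTSWITH", 1)[0] if "STARTSWITH" in term else term.partition("=")[0]


def _term_matches(record, term):
    """Evaluate one term: 'fieldSTARTSWITHprefix' or 'field=value'."""
    if "STARTSWITH" in term:
        field, prefix = term.split("STARTSWITH", 1)
        value = _resolve(record, field)
        return isinstance(value, str) and value.startswith(prefix)
    field, _, value = term.partition("=")
    return _resolve(record, field) == value


def record_count(table, encoded_query, query_acl=frozenset(), data_filter=None):
    """The list page's record count: how many rows match the encoded query.

    query_acl:   field names the user may not filter on; a query touching one,
                 directly or via dot-walking, is rejected (our model of a Query ACL).
    data_filter: a term ANDed onto every query, e.g. limiting a user to their own
                 records (our model of a Security Data Filter).
    """
    terms = [t for t in encoded_query.split("^") if t]
    for term in terms:
        if _term_field(term).split(".")[-1] in query_acl:
            raise PermissionError(f"query on restricted field rejected: {term}")
    if data_filter:
        terms.append(data_filter)
    return sum(all(_term_matches(r, t) for t in terms) for r in table)


def extract_field(oracle, anchor, field, alphabet=SAFE_ALPHABET, max_len=64):
    """Recover `field` of the record(s) selected by `anchor` one character at a
    time, using nothing but whether the displayed count stays non-zero.
    Returns (recovered_value, number_of_count_queries_issued)."""
    queries, known = 0, ""
    for _ in range(max_len):
        for ch in alphabet:
            queries += 1
            if oracle(f"{anchor}^{field}STARTSWITH{known + ch}") > 0:
                known += ch
                break
        else:
            break  # nothing extends the prefix: end of value (or a char outside alphabet)
    return known, queries


if __name__ == "__main__":
    # Unmitigated: dot-walking from a readable incident leaks the caller's secret.
    oracle = lambda q: record_count(INCIDENT, q)
    print(extract_field(oracle, "number=INC0010001", "caller_id.user_password"))
    # With a Query ACL on user_password the very first probe is refused.
    guarded = lambda q: record_count(INCIDENT, q, query_acl={"user_password"})
    try:
        extract_field(guarded, "number=INC0010001", "caller_id.user_password")
    except PermissionError as err:
        print("blocked:", err)
```

The point to notice is that `record_count` never returns a field value, yet `extract_field` recovers the full secret from a readable table using only the count, which is exactly why per-field read ACLs on `sys_user` do not help here: the filter is evaluated before the display restriction. The Query ACL model stops the attack at the first probe because it examines what the query filters on rather than what it displays, and the Security Data Filter model shrinks the oracle to records the user is entitled to, so a guess against someone else's record always counts zero.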
The vulnerability impacted hundreds of tables across several widely deployed ServiceNow solutions: IT service management, customer service management, human resources service delivery, and governance, risk, and compliance. These systems routinely handle highly sensitive information, including social security numbers, medical records, financial data, API keys, and proprietary business information.

ServiceNow Issues Comprehensive Security Response

Varonis researchers discovered the vulnerability and reported it to ServiceNow in February 2024, following responsible disclosure practices. ServiceNow issued a security update in May 2025 and officially assigned CVE-2025-3648 to the vulnerability on July 8, 2025. The company has confirmed that it knows of no cases of exploitation before the fix was released.

To address the vulnerability, ServiceNow introduced two new security mechanisms: Query Access Control Lists (Query ACLs), which restrict the kinds of queries users can run against a table, and Security Data Filters, which apply additional filtering based on user roles and security attributes. Both are aimed specifically at blind query attacks, in which an attacker extracts information from query results (here, a record count) without ever being able to view the values themselves. ServiceNow and Varonis both recommend that customers immediately review their custom and standard tables and apply the new mechanisms wherever sensitive data is stored.

AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.