ServiceNow Platform Authorization Bypass (CVE-2025-0337)

medium Nessus Plugin ID 232730

Synopsis

ServiceNow Platform is affected by an authorization bypass vulnerability.

Description

ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. If exploited, this vulnerability could potentially enable an authenticated user to access data stored within the Now Platform that the user would not otherwise be entitled to access (CVE-2025-0337).

Solution

Upgrade to the version referenced in the vendor advisory.

See Also

http://www.nessus.org/u?1b7109be

Plugin Details

Severity: Medium

ID: 232730

File Name: servicenow_platform_CVE-2025-0337.nasl

Version: 1.1

Type: remote

Family: CGI abuses

Published: 3/14/2025

Updated: 3/14/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2025-0337

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/a:servicenow:servicenow

Required KB Items: installed_sw/ServiceNow Platform

Patch Publication Date: 3/6/2025

Vulnerability Publication Date: 3/6/2025

Reference Information

CVE: CVE-2025-0337

IAVA: 2025-A-0180