CVE-2025-0337

Published Mar 6, 2025

Last updated a month ago

CVSS high 7.1
ServiceNow

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-0337 is an authorization bypass vulnerability found in ServiceNow's Now Platform. Exploitation allows authenticated users to access data within the platform that they would not normally be authorized to view. This vulnerability affects the Washington release of the Now Platform and was identified by Justin Hocquel. Patches addressing this vulnerability have been released and are available for hosted and self-hosted customers, as well as partners. These include Washington DC Patch 9, Xanadu Patch 4, and the Yokohama General Availability (Patch 1) release. Users are strongly encouraged to update their systems to mitigate the risk of exploitation.

Description
ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access unauthorized data stored within the Now Platform that the user otherwise would not be entitled to access. This issue is addressed in the listed patches and family release, which have been made available to hosted and self-hosted customers, as well as partners.
Source: psirt@servicenow.com
NVD status: Received

Risk scores

CVSS 4.0

Type: Secondary
Base score: 7.1
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

psirt@servicenow.com
CWE-639

Social media

Hype score: Not currently trending
  1. Threat Alert: ServiceNow Addresses Authorization Bypass Vulnerability in Now Platform (CVE-202 CVE-2025-0337 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/nIwyC4PjNa #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    11 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  2. 🚨Alert🚨 CVE-2025-0337 : ServiceNow Addresses Authorization Bypass Vulnerability in Now Platform 📊 819K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/5nsiiPMxZ9 👇Query HUNTER : https://t.co/q9rtuGgxk7="ServiceNow" FOFA :… https://t.co/EY

    @HunterMapping

    11 Mar 2025

    4751 Impressions

    13 Retweets

    76 Likes

    39 Bookmarks

    1 Reply

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2024-38063 2 - CVE-2025-21333 3 - CVE-2025-27607 4 - CVE-2025-0337 5 - CVE-2025-27840 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    10 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨Remote code execution vulnerability in a popular Python logging library: CVE-2025-27607 🔨ServiceNow addresses an authorization bypass vulnerability in the Now Platform: CVE-2025-0337 ~Cybersecurity weekend topics~ https://t.co/Mp0ZbgojR9 #セキュリティ #インテリジェンス #OSINT

    @MachinaRecord

    10 Mar 2025

    98 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨ATTENTION🚨CVE-2025-0337 just dropped: an auth bypass flaw in ServiceNow's Now Platform. If exploited, this bad boy could let authenticated users peek at data they shouldn’t see. Yikes!😱 ZoomEye Dork👉app="ServiceNow" clocking 481k+ hits Check it: https://t.co/lXFLN8iywg Get

    @zoomeye_team

    9 Mar 2025

    779 Impressions

    5 Retweets

    9 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

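  6. ServiceNow has fixed CVE-2025-0337, an authorization bypass vulnerability in the Now Platform. It allows an authenticated user to access data they would not normally be able to access. CVSS score 7.1. https://t.co/a7FYw9NgwR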

    @__kokumoto

    8 Mar 2025

    706 Impressions

    0 Retweets

    1 Like

    3 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-0337 impacts ServiceNow #CVE-2025-0237 #ServiceNow https://t.co/nOYL9RvC2t

    @pravin_karthik

    8 Mar 2025

    42 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. ServiceNow Addresses Authorization Bypass Vulnerability in Now Platform (CVE-2025-0337) https://t.co/NqPKT3XEuA

    @Dinosn

    8 Mar 2025

    2947 Impressions

    11 Retweets

    44 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 CVE-2025-0337 🔴 HIGH (7.1) 🏢 ServiceNow - Now Platform 🏗️ 0 🔗 https://t.co/eExWb7TosG #CyberCron #VulnAlert #InfoSec https://t.co/qVIMYM4WVx

    @cybercronai

    7 Mar 2025

    90 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  10. CVE-2025-0337 ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, pote… https://t.co/vuRe7b1VPL

    @CVEnew

    7 Mar 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

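  11. ServiceNow has published a CVE (CVE-2025-0337). It is an authentication bypass via user-controlled key (CWE-639) vulnerability, with a CVSS score of 7.1 (HIGH). The fixed versions are as follows. ・Washington DC Patch 9 or later ・Xanadu Patch 4 or later ・Yokohama GA (Patch 1) or later https://t.co/XmUdtfSYdh #ServiceNow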

    @mio_yokohama

    7 Mar 2025

    74 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 CVE-2025-0337 🔴 HIGH (7.1) 🏢 ServiceNow - Now Platform 🏗️ 0 🔗 https://t.co/eExWb7TosG #CyberCron #VulnAlert #InfoSec https://t.co/DH24SKnGD0

    @cybercronai

    6 Mar 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes