
ServiceNow Flaw CVE-2025-3648 Can Lead to Data Exposure via Misconfigured ACLs

By user, July 10, 2025

A high-severity security flaw has been disclosed in ServiceNow’s platform that, if successfully exploited, could lead to data exposure and exfiltration.

The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), is described as a case of data inference in the Now Platform through conditional access control list (ACL) rules. It has been codenamed Count(er) Strike.

“Vulnerabilities are currently being identified on the platform, and data may be inferred without authorization,” ServiceNow said in a bulletin. “Under a specific Conditional Access Control List (ACL) configuration, the vulnerability allows ruthless, authenticated users to infer instance data that is inaccessible using range query requests.”

The cybersecurity company Varonis, which discovered and reported the flaw in February 2024, said it could have been misused by a malicious actor to gain unauthorized access to sensitive information, including personally identifiable information (PII) and credentials.

At its core, the flaw affects the record count UI element on list pages, which could be trivially abused to infer and expose sensitive data from various tables within ServiceNow.

“This vulnerability could potentially impact all ServiceNow instances and affect hundreds of tables,” Varonis researcher Neta Armon said in an analysis Wednesday.

“In most cases, this vulnerability is relatively simple and requires minimal table access, such as weak user accounts within an instance or self-registered anonymous users, bypassing the need for high privileges and potentially leading to sensitive data exposure.”


Specifically, the company found that access to ServiceNow tables, although governed by ACL configurations, can be used to glean information even when access is denied because a data condition or script condition fails.

In these cases, the user is shown the message “Number of rows removed from this list by Security constraints” along with the count. However, if access to a resource is blocked due to a “required role” or “security attribute condition,” the user receives a blank page with the message “Security constraints prevent access to the requested page.”

It is worth mentioning that the four ACL conditions are evaluated in a specific order, starting with roles, followed by security attributes, data conditions, and finally script conditions. All of these conditions must be met for a user to access the resource. A condition left empty is treated as imposing no restriction of any kind.

The fact that the responses differ depending on which of the four ACL conditions is not met opens a new attack path: a threat actor can determine which access conditions are not satisfied and then repeatedly query the database table, enumerating the desired information using a combination of query parameters and filters. Tables that are protected only by a data condition or a script condition are susceptible to the inference attack.

“As long as users on an instance have access to at least one misunderstood table, this vulnerability can be minimized and even unassigned users can take advantage of it,” Armon said. “This vulnerability applies to any table in an instance where the ACL rule has at least one ACL rule, where the first two conditions remain empty or excessively tolerant. This is a common situation.”

Worse, threat actors can use techniques such as dot-walking and self-registration to expand the blast radius of the flaw, allowing them to access additional data from referenced tables, and to create accounts and access the instance without prior approval from an administrator.

In response to the findings, ServiceNow has introduced new security mechanisms, such as Query ACLs, Security Data Filters, and Deny-Unless ACLs, to counter the risk posed by the data inference blind query attack. Although there is no evidence that the issue has been exploited in the wild, all ServiceNow customers are urged to apply the necessary guardrails to sensitive tables.

“ServiceNow customers should also note that query ACLs for the query range is set to default deny, so they should create an exclusion to maintain the ability to perform such actions,” Armon said.
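
The pattern described above (a table whose read ACL leaves the role and security attribute conditions empty or overly permissive and relies only on a data or script condition) can be looked for in an exported rule list. The following is an added example, not code from ServiceNow or Varonis; the record layout, field names, table names and the `broad_roles` parameter are assumptions made for illustration.

```python
# Added example; field names are hypothetical, not ServiceNow's own schema.
ORDER = ("roles", "security_attribute", "data_condition", "script")
RANK = ("gated", "count-oracle", "unrestricted")  # least to most exposed

# Constructed sample: one dict per read ACL rule; an empty value = no limit.
SAMPLE_ACLS = [
    {"table": "incident", "roles": ["itil"], "security_attribute": "",
     "data_condition": "active=true", "script": ""},
    {"table": "u_hr_case", "roles": [], "security_attribute": "",
     "data_condition": "assigned_to=javascript:gs.getUserID()", "script": ""},
    {"table": "u_vendor", "roles": ["snc_internal"], "security_attribute": "",
     "data_condition": "", "script": "answer = current.u_owner == gs.getUserID();"},
    {"table": "u_notes", "roles": [], "security_attribute": "",
     "data_condition": "", "script": ""},
]


def first_gate(rule, broad_roles=frozenset()):
    """Return the first condition, in evaluation order, that restricts access."""
    for cond in ORDER:
        value = rule.get(cond)
        if cond == "roles":
            # Roles held by nearly every user do not restrict anything.
            value = [r for r in (value or []) if r not in broad_roles]
        if value:
            return cond
    return None  # every condition empty: the rule imposes no limit


def audit(acls, broad_roles=frozenset()):
    """Map each table to the verdict of its least restrictive rule."""
    findings = {}
    for rule in acls:
        gate = first_gate(rule, broad_roles)
        if gate in ("data_condition", "script"):
            verdict = "count-oracle"  # denial shows up as a removed-row count
        elif gate is None:
            verdict = "unrestricted"  # readable without any condition
        else:
            verdict = "gated"  # denial returns the blank page instead
        prev = findings.get(rule["table"], "gated")
        findings[rule["table"]] = max(prev, verdict, key=RANK.index)
    return findings


if __name__ == "__main__":
    for table, verdict in audit(SAMPLE_ACLS, {"snc_internal"}).items():
        print(f"{table:10} {verdict}")
```

Tables reported as `count-oracle` are the candidates for the guardrails mentioned above; passing the roles that self-registered or low-privilege users receive as `broad_roles` covers the "overly permissive" case.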

DLL Hijacking Flaw in Lenovo TrackPoint Quick Menu Software

The development comes alongside details of a privilege escalation flaw (CVE-2025-1729) in the TrackPoint Quick Menu software (“TPQMAssistant.exe”) found on Lenovo computers, which could allow a local attacker to escalate privileges by means of a DLL hijacking vulnerability.

This flaw is addressed in version 1.12.54.0 released on July 8, 2025, following responsible disclosure at the beginning of January this year.

“The directory housing ‘tpqmassistant.exe’ is easy for standard users to write letters, already a red flag,” said security researcher Oddvar Moe. “Folder permissions allow the creator’s owner to write files, meaning local users can drop files to this location.”


“When a scheduled task (or the binary itself) is triggered, it tries to load ‘hostfxr.dll’ from the working directory, but the name cannot be found.”

As a result, an attacker can place a malicious version of “hostfxr.dll” in “C:\ProgramData\Lenovo\TPQM\Assistant” so that it is loaded when the binary is started.

Microsoft Addresses a Kerberos DoS Bug

The findings also follow the public disclosure of an out-of-bounds read flaw in the Netlogon protocol of Windows Kerberos (CVE-2025-47978, CVSS score: 6.5). Microsoft addressed the vulnerability as part of its Patch Tuesday updates for July 2025.

Silverfort, which has assigned the name NOTLogon to CVE-2025-47978, said it would allow “domain binding machines with minimal privileges to send specially created authentication requests that crash the domain controller and cause a full reboot.”

“This vulnerability does not require high privileges that require standard network access and weak machine accounts. In a typical enterprise environment, modest users can create such accounts by default.”

The cybersecurity company also noted that the crash primarily affects the Local Security Authority Subsystem Service (LSASS), a critical security process in Windows that is responsible for enforcing security policies and handling user authentication. Successful exploitation of CVE-2025-47978 can therefore destabilize or disrupt Active Directory services.

“Using only a valid machine account and crafted RPC messages allows an attacker to crash a domain controller remotely, a system responsible for core Active Directory functions, including authentication, authorization, group policy enforcement, and service ticket issue,” Segal said.
