Primary

Context

ServiceNow Now Platform Authorization Bypass Vulnerability

Vulnerability

An authorization bypass vulnerability has been identified in the Washington release of the ServiceNow Now Platform. This vulnerability could allow an authenticated user to access unauthorized data within the platform that they would not normally be entitled to. The issue has been addressed in Washington DC Patch 9, Xanadu Patch 4, and the Yokohama General Availability release.

Impact

Exploitation of this vulnerability could lead to unauthorized access to data within the Now Platform.

Remediation

Users can upgrade to Washington DC Patch 9, Xanadu Patch 4, or the Yokohama General Availability release to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ServiceNow Now Platform Authorization Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating