ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

Retrieved on: 2025-07-10 19:30:50

Tags for this article:

Computer network security

Hacking

Computer security

Software testing

Vulnerability

Common Vulnerability Scoring System

Access-control list

Common Vulnerabilities and Exposures

Privilege escalation

Arbitrary code execution

Exploit

Click the tags to see associated articles and topics

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs. View article details on hiswai:

Summary

An article by The Hacker News unravels recent security vulnerabilities that impact several platforms, highlighting critical risks for data exposure and system security.

A high-severity flaw in ServiceNow called CVE-2025-3648 could enable unauthorized data access through ACL misconfigurations, making sensitive information vulnerable. Furthermore, vulnerabilities in Lenovo's TrackPoint software and Windows Kerberos expose systems to privilege escalation and denial of service, respectively. It's crucial for enterprises to address these bugs to secure their digital environments.

ServiceNow’s conditional ACL rules can expose sensitive data.
Lenovo’s software flaw allows privilege escalation through DLL hijacking.
Windows Kerberos vulnerability risks domain controller stability.
Companies should implement security patches to mitigate these threats.

Article found on: thehackernews.com

View Original Article