July 9, 2025 By Lawrence Abrams
A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access.
ServiceNow is a cloud-based platform that enables organizations to manage digital workflows for their enterprise operations. It is widely adopted across various industries, including public sector organizations, healthcare, financial institutions, and large enterprises.
The flaw was discovered by Varonis Threat Labs in February 2025 and assigned the CVE-2025-3648 identifier, and may impact configurations with misconfigured or overly permissive ACLs.
ServiceNow released additional access control frameworks in the Xanadu and Yokohama versions, released last month, to address the issue. However, all admins should review existing tables to ensure their data is properly locked down.
