A high-severity security flaw, tracked as CVE-2025-3648 (CVSS score: 8.2), has been identified in ServiceNow’s platform, potentially allowing data exposure and exfiltration through data inference in Now Platform via conditional access control list (ACL) rules. This vulnerability is codenamed Count(er) Strike.
Explain It To Me Like I’m 5: A critical security vulnerability known as CVE-2025-3648, codenamed Count(er) Strike, has been identified in ServiceNow’s platform, potentially allowing attackers to expose and exfiltrate sensitive data through flawed conditional access control list (ACL) rules.
Want More Context? 🔎
Loading PerspectiveSplit analysis...
