ServiceNow Platform Vulnerability Let Attackers Exfiltrate Sensitive Data

A significant vulnerability in ServiceNow’s platform, designated CVE-2025-3648 and dubbed “Count(er) Strike,” enables attackers to exfiltrate sensitive data, including PII, credentials, and financial information.  This high-severity vulnerability exploits the record count UI element on list pages through enumeration techniques and query filters, potentially affecting all ServiceNow instances with hundreds of tables at risk.  Key Takeaways1. […]

The post ServiceNow Platform Vulnerability Let Attackers Exfiltrate Sensitive Data appeared first on Cyber Security News.

This article has been indexed from Cyber Security News

Read the original article: