A significant vulnerability in ServiceNow’s platform, designated CVE-2025-3648 and dubbed “Count(er) Strike,” enables attackers to exfiltrate sensitive data, including PII, credentials, and financial information. This high-severity vulnerability exploits the record count UI element on list pages through enumeration techniques and query filters, potentially affecting all ServiceNow instances with hundreds of tables at risk. Key Takeaways1. […]
The post ServiceNow Platform Vulnerability Let Attackers Exfiltrate Sensitive Data appeared first on Cyber Security News.
This article has been indexed from Cyber Security News