
Critical Security Flaw Discovered in ServiceNow Platform
A high-severity security vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2) and nicknamed Count(er) Strike, has been discovered in the ServiceNow platform. Described as a case of data inference in the Now Platform, the flaw involves data inference through poorly configured conditional Access Control List (ACL) rules. If successfully exploited, it could lead to data exposure and exfiltration.