What is CVE-2025-0337?

CVE-2025-0337 is a medium-severity vulnerability in Servicenow Now Platform, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 6.5/10. Published 2025-03-06.

How severe is CVE-2025-0337?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Auth bypass in Servicenow Now Platform

CVE-2025-0337

ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access unauthorized data…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.000 (7.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Servicenow Now Platform — versions 0

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

support.servicenow.com/kb

Frequently asked questions

What is CVE-2025-0337?: CVE-2025-0337 is a medium-severity vulnerability in Servicenow Now Platform, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 6.5/10. Published 2025-03-06.
How severe is CVE-2025-0337?: Medium severity. CVSS v3 base score is 6.5 out of 10.