5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-62607

GHSA ID

GHSA-535g-62r7-cx6v

EPSS Score

CWE

CWE-306

Published

10/21/2025

Updated

10/21/2025

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-62607

CVE-2025-62607: Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL

The servicenow config URL is using a generic django View with no authentication.

URL: /plugins/ssot/servicenow/config/

Impact

What kind of vulnerability is it? Who is impacted? An Unauthenticated attacker could access this page to view the Service Now public instance name e.g. companyname.service-now.com. This is considered low-value information. This does not expose the Secret, the Secret Name, or the Secret Value for the Username/Password for Service-Now.com. An unauthenticated member would not be able to change the instance name, nor set a Secret. There is not a way to gain access to other pages Nautobot through the unauthenticated Configuration page.

Patches

Has the problem been patched? What versions should users upgrade to? We highly recommend upgrading to SSoT v3.10.0 which includes this patch.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading? Disable the servicenow SSoT integration

(GitHub Advisory)

5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-62607

GHSA ID

GHSA-535g-62r7-cx6v

EPSS Score

CWE

CWE-306

Published

10/21/2025

Updated

10/21/2025

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nautobot-ssot	pip	< 3.10.0	3.10.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability lies in the nautobot_ssot.integrations.servicenow.views.SSOTServiceNowConfigView class, which was responsible for rendering the ServiceNow configuration page. Before the patch, this class did not have any authentication or permission checks, allowing unauthenticated users to access it and view the ServiceNow instance name. The provided patch addresses this by adding the ObjectPermissionRequiredMixin to the view, which enforces that a user must have the 'change' permission for the SSOTServiceNowConfig model to access the page. The commit 1530d25cdeb929641ec47644f9a0a1d9d41e1cb8 clearly shows this change. The vulnerability is a classic case of missing authentication for a critical function, which in this case is the configuration view that exposes sensitive, albeit low-value, information.

Vulnerable functions

nautobot_ssot.integrations.servicenow.views.SSOTServiceNowConfigView

nautobot_ssot/integrations/servicenow/views.py

The vulnerability existed because the `SSOTServiceNowConfigView` class, which handles the ServiceNow configuration page, did not enforce any authentication or permission checks. It inherited directly from Django's `UpdateView`, making it publicly accessible. An unauthenticated attacker could access this view to retrieve the ServiceNow instance name. The patch mitigates this by adding the `ObjectPermissionRequiredMixin`, which ensures that only authenticated users with the necessary permissions can access the view.

WAF Protection Rules

WAF Rule

T** s*rvi**now *on*i* URL is usin* * **n*ri* *j*n*o Vi*w wit* no *ut**nti**tion. URL: `/plu*ins/ssot/s*rvi**now/*on*i*/` ### Imp**t _W**t kin* o* vuln*r**ility is it? W*o is imp**t**?_ *n Un*ut**nti**t** *tt**k*r *oul* ****ss t*is p*** to vi*w t**

Reasoning

T** vuln*r**ility li*s in t** `n*uto*ot_ssot.int**r*tions.s*rvi**now.vi*ws.SSOTS*rvi**Now*on*i*Vi*w` *l*ss, w*i** w*s r*sponsi*l* *or r*n**rin* t** S*rvi**Now *on*i*ur*tion p***. ***or* t** p*t**, t*is *l*ss *i* not **v* *ny *ut**nti**tion or p*rmiss

5.3

Basic Information

Concerned about an active attack path?

CVE-2025-62607: Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL

Impact

Patches

Workarounds

5.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI