CVE-2025-62607: Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
The ServiceNow config URL is served by a generic Django View with no authentication mixin or permission check, so the ServiceNow configuration page can be reached without logging in to Nautobot. The fix is in the referenced commit and ships in nautobot-app-ssot v3.10.0.
URL: /plugins/ssot/servicenow/config/
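A quick way to tell whether an instance is affected is to request the config URL without a session and look at what comes back. The script below is an added example, not code from the advisory or from the nautobot-app-ssot project. It assumes two things: that the fix first ships in v3.10.0 (the release tag the advisory references, with pre-release suffixes treated as their base version), and that Nautobot, like any Django app behind LoginRequiredMixin, answers an unauthenticated request to a protected view with a redirect to /login/?next=... rather than a 200. The base URL is supplied by the caller; nautobot.example is a placeholder.

```python
"""Probe for CVE-2025-62607: unauthenticated ServiceNow config page in Nautobot SSoT.

Added example, not the project's code. Assumptions: the fix is in v3.10.0, and a
login-protected Django view redirects anonymous requests to /login/?next=...
"""
import re
import sys
import urllib.error
import urllib.request
from urllib.parse import urlparse

CONFIG_PATH = "/plugins/ssot/servicenow/config/"
FIXED_VERSION = (3, 10, 0)  # assumption: first release containing the fix


def parse_version(text: str) -> tuple:
    """'v3.9.2' -> (3, 9, 2). Pre-release suffixes (rc1, b2) are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def version_is_fixed(text: str) -> bool:
    """True when the installed nautobot-app-ssot version is at or past the fix."""
    return parse_version(text) >= FIXED_VERSION


def classify_response(status: int, headers: dict) -> str:
    """Classify an anonymous GET of CONFIG_PATH as exposed / protected / unknown.

    200            -> the config page rendered without a session: exposed.
    3xx to /login  -> Django's login-required redirect: protected.
    401 / 403      -> rejected outright: protected.
    anything else  -> inspect by hand.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    if status == 200:
        return "exposed"
    if status in (301, 302, 303, 307, 308):
        if "/login" in urlparse(lower.get("location", "")).path:
            return "protected"
        return "unknown"
    if status in (401, 403):
        return "protected"
    return "unknown"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so the 302 itself is observable."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url: str, timeout: float = 10.0) -> str:
    """GET the config URL with no cookies or auth header and classify the answer."""
    req = urllib.request.Request(base_url.rstrip("/") + CONFIG_PATH, method="GET")
    opener = urllib.request.build_opener(_NoRedirect())
    try:
        with opener.open(req, timeout=timeout) as resp:
            return classify_response(resp.status, dict(resp.headers))
    except urllib.error.HTTPError as err:
        # Non-2xx (including the un-followed 302) arrives here with its headers intact.
        return classify_response(err.code, dict(err.headers))


if __name__ == "__main__":
    # Usage: python probe_ssot.py https://nautobot.example [installed-ssot-version]
    target = sys.argv[1] if len(sys.argv) > 1 else "https://nautobot.example"
    if len(sys.argv) > 2:
        print(f"version {sys.argv[2]}: {'fixed' if version_is_fixed(sys.argv[2]) else 'vulnerable'}")
    print(f"{target}{CONFIG_PATH}: {probe(target)}")
```

A 200 from an anonymous request is the finding; a redirect that lands somewhere other than the login page is reported as unknown rather than protected, because a proxy or SSO layer in front of Nautobot can also redirect and would mask the view's own behaviour. The version check is a complement, not a substitute: a backported or vendored copy of the app can carry a version string that does not match what is deployed.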
References
- github.com/advisories/GHSA-535g-62r7-cx6v
- github.com/nautobot/nautobot-app-ssot
- github.com/nautobot/nautobot-app-ssot/commit/1530d25cdeb929641ec47644f9a0a1d9d41e1cb8
- github.com/nautobot/nautobot-app-ssot/releases/tag/v3.10.0
- github.com/nautobot/nautobot-app-ssot/security/advisories/GHSA-535g-62r7-cx6v
- nvd.nist.gov/vuln/detail/CVE-2025-62607