CVE-2025-62607
📋 TL;DR
An information disclosure vulnerability in Nautobot SSoT app versions before 3.10.0 allows unauthenticated attackers to view the ServiceNow public instance name (e.g., companyname.service-now.com). This affects organizations using vulnerable versions of the Nautobot SSoT app with internet-facing deployments or insufficient access controls.
💻 Affected Systems
- Nautobot Single Source of Truth (SSoT) app
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could identify ServiceNow instance names, potentially enabling targeted phishing or reconnaissance for follow-on attacks against the ServiceNow environment.
Likely Case
Low-value information disclosure revealing organizational ServiceNow instance naming conventions, which could assist in social engineering or targeted attacks.
If Mitigated
No impact if proper network segmentation and authentication controls prevent unauthenticated access to the vulnerable endpoint.
🎯 Exploit Status
Exploitation requires direct HTTP access to the vulnerable configuration page without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.10.0
Vendor Advisory: https://github.com/nautobot/nautobot-app-ssot/security/advisories/GHSA-535g-62r7-cx6v
Restart Required: No
Instructions:
1. Update the Nautobot SSoT app to version 3.10.0 or later using pip: pip install "nautobot-ssot>=3.10.0" (the version specifier must be quoted so the shell does not treat ">" as a redirect)
2. Verify the update completed successfully
3. No service restart is required for Nautobot
🔧 Temporary Workarounds
Network Access Control
Restrict network access to Nautobot administration interfaces using firewall rules or network segmentation.
Authentication Enforcement
Ensure Nautobot requires authentication for all administrative interfaces and configuration pages.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the Nautobot administration interface
- Ensure Nautobot authentication is properly configured and required for all administrative functions
🔍 How to Verify
Check if Vulnerable:
Check if unauthenticated HTTP GET requests to the SSoT configuration page return ServiceNow instance information.
Check Version:
pip show nautobot-ssot | grep Version
Verify Fix Applied:
Verify that unauthenticated requests to the SSoT configuration page now return authentication required or access denied responses.
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access attempts to /ssot/config/ or similar SSoT configuration endpoints
- HTTP 200 responses to unauthenticated configuration page requests
Network Indicators:
- Unusual traffic patterns to Nautobot administration interfaces from external sources
SIEM Query:
source="nautobot" AND (uri_path="/ssot/config/" OR uri_path="/ssot/") AND http_status=200 AND user="-"
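The same detection rule as the SIEM query above, applied offline to access-log lines, as an added example that is not part of this advisory. It assumes Common Log Format where the third field carries the authenticated user (for example, filled in by a reverse proxy) and "-" means unauthenticated; the log lines are constructed.

```python
import re

# Constructed sample access-log lines in Common Log Format.
# The third field is the authenticated user; "-" means no authenticated session.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2025:12:00:01 +0000] "GET /ssot/config/ HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2025:12:00:02 +0000] "GET /ssot/ HTTP/1.1" 302 0
10.0.0.5 - alice [10/Oct/2025:12:01:00 +0000] "GET /ssot/config/ HTTP/1.1" 200 5120
198.51.100.9 - - [10/Oct/2025:12:02:00 +0000] "GET /ssot/config/ HTTP/1.1" 200 4880
198.51.100.9 - - [10/Oct/2025:12:02:01 +0000] "GET /login/ HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Any path under the SSoT app; this covers /ssot/config/ and similar endpoints.
SSOT_PREFIX = "/ssot/"


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_suspicious(entry):
    """Unauthenticated request (user '-') that got a 200 for an SSoT page."""
    return (entry["user"] == "-"
            and entry["status"] == "200"
            and entry["path"].startswith(SSOT_PREFIX))


def find_unauthenticated_ssot_hits(log_text):
    """Return (client, path) for every line that matches the detection rule."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_suspicious(entry):
            hits.append((entry["host"], entry["path"]))
    return hits


if __name__ == "__main__":
    for host, path in find_unauthenticated_ssot_hits(SAMPLE_LOG):
        print(f"ALERT: unauthenticated 200 on {path} from {host}")
```

After the fix is applied, the same unauthenticated requests should appear with a redirect or 403 status and produce no hits.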