
ServiceNow has disclosed details of a critical security flaw in the ServiceNow AI Platform that it says has now been patched. The flaw could allow an unauthenticated user to impersonate another user and perform arbitrary actions as that user.
The vulnerability is tracked as CVE-2025-12420 and carries a CVSS score of 9.3 out of 10.0.
“This problem is […],” the company said in an advisory published Monday. “An unauthenticated user could impersonate another user and perform actions that the impersonated user could perform.”
ServiceNow addressed the shortcoming on October 30, 2025, by deploying a security update to the majority of its hosted instances; it also shared the patch with ServiceNow partners and self-hosted customers.

The following versions include the fix for CVE-2025-12420:

Now Assist AI Agent (sn_aia) – 5.1.18 and above, and 5.2.19 and above
Virtual Agent API (sn_va_as_service) – 3.15.2 and above, and 4.0.4 and above
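The fixed versions above are per release branch (a 5.1.x install needs 5.1.18 or later, a 5.2.x install needs 5.2.19 or later), so a naive string comparison of version numbers gives the wrong answer ("5.2.3" sorts after "5.2.19" as text). The following Python is an added example, not ServiceNow's or AppOmni's code, that compares an installed version against the fixed version on its own branch. The inventory dictionary is constructed sample input; the page does not say where the installed version is read from in a ServiceNow instance, so that lookup is left to the reader. Branches the advisory does not list are reported as unknown rather than guessed.

```python
"""Branch-aware check of ServiceNow store-app versions against the
CVE-2025-12420 fixed versions quoted in the advisory.

Added example, not vendor code. Fixed versions are taken from the
advisory text; the inventory below is constructed sample input.
"""
from typing import Dict, Optional, Tuple

# Minimum fixed version on each release branch, from the advisory.
FIXED_VERSIONS = {
    "sn_aia": ["5.1.18", "5.2.19"],              # Now Assist AI Agent
    "sn_va_as_service": ["3.15.2", "4.0.4"],     # Virtual Agent API
}

# Constructed sample inventory: app scope -> installed version string.
SAMPLE_INVENTORY = {
    "sn_aia": "5.2.3",              # same branch as 5.2.19 but older
    "sn_va_as_service": "4.0.4",    # exactly the fixed version
    "sn_some_other_app": "1.0.0",   # hypothetical app not in the advisory
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '5.2.19' into (5, 2, 19) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in version.strip().split("."))


def is_patched(app: str, installed: str) -> Optional[bool]:
    """Return True if `installed` is at or above the fixed version on its
    own major.minor branch, False if it is below it, and None if the app or
    the branch is not covered by the advisory (no guess is made)."""
    if app not in FIXED_VERSIONS:
        return None
    inst = parse_version(installed)
    for fixed in FIXED_VERSIONS[app]:
        fx = parse_version(fixed)
        if inst[:2] == fx[:2]:          # same release branch
            return inst >= fx           # tuple comparison is numeric
    return None                         # branch not listed in the advisory


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each app in `inventory` to 'patched', 'unpatched' or 'unknown'."""
    labels = {True: "patched", False: "unpatched", None: "unknown"}
    return {app: labels[is_patched(app, ver)] for app, ver in inventory.items()}


if __name__ == "__main__":
    for app, status in audit(SAMPLE_INVENTORY).items():
        print(f"{app:20s} {SAMPLE_INVENTORY[app]:10s} {status}")
```

The "unknown" outcome is deliberate: an installed 6.0.x of either app, or an app scope the advisory does not mention, should be confirmed against the vendor advisory rather than assumed safe or vulnerable.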
ServiceNow credits Aaron Costello, head of SaaS security research at AppOmni, with discovering and reporting the vulnerability in October 2025. Although there is no evidence that this vulnerability has been exploited, users are encouraged to apply the appropriate security updates as soon as possible to mitigate the potential threat.
The disclosure comes nearly two months after AppOmni revealed that attackers could exploit the default configuration of ServiceNow’s Now Assist generative artificial intelligence (AI) platform and leverage its agent capabilities to perform second-order prompt injection attacks.
That issue could be weaponized to perform unauthorized actions, allowing attackers to copy and exfiltrate sensitive corporate data, modify records, or escalate privileges.
