AI description
CVE-2025-12420 is a vulnerability identified in the ServiceNow AI Platform, specifically affecting its Now Assist AI Agents and Virtual Agent API components. This flaw allows an unauthenticated attacker to impersonate another user within the system. By chaining a hardcoded, platform-wide secret with account-linking logic that relies on an email address, an attacker can bypass multi-factor authentication (MFA) and single sign-on (SSO) protections. Successful exploitation of this vulnerability, codenamed "BodySnatcher" by AppOmni, enables the attacker to perform any operations that the impersonated user is authorized to execute. This could include sensitive administrative or operational actions. ServiceNow addressed this issue by deploying security updates to hosted instances in October 2025 and providing patches to self-hosted customers and partners.
- Description
- A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so.
- Source
- psirt@servicenow.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:H/U:Amber
- Severity
- CRITICAL
- psirt@servicenow.com
- CWE-250
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 17
‼️ New Research Drop ‼️ I’m excited to share my latest @AppOmniSecurity Labs research: a CVSS 9.3 critical vulnerability in #ServiceNow’s AI platform. It's dubbed "BodySnatcher" (CVE-2025-12420) because of its novel exploit path: it allowed an unauthenticated atta
@ConspiracyProof
13 Jan 2026
42 Impressions
1 Retweet
6 Likes
0 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-12420: Why identity on AI platforms needs a fundamental change ServiceNow has just disclosed a critical vulnerability (CVSS 9.3) in its AI platform that allows an UNAUTHENTICATED attacker to impersonate any user and perform actions on
@dilithium3core
13 Jan 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ServiceNow patched a critical AI Platform flaw enabling unauthenticated user impersonation and actions as the victim. CVE-2025-12420 (CVSS 9.3) affects Now Assist and Virtual Agent. Fixed Oct 30. No known exploitation. 🔗 Details here → https://t.co/x4JNupmYTF
@TheHackersNews
13 Jan 2026
6418 Impressions
16 Retweets
62 Likes
7 Bookmarks
0 Replies
1 Quote
Critical ServiceNow AI flaw (CVE-2025-12420, 9.3 CVSS) allowed unauthenticated impersonation. Patch now! 🚨 Link: https://t.co/jLVdXxjuO7 #ServiceNow #Cybersecurity #Vulnerability #AIPlatform
@0xT3chn0m4nc3r
13 Jan 2026
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ServiceNow AI Platform hit by critical flaw CVE-2025-12420 allowing unauthenticated user impersonation and privilege escalation. Discovered by AppOmni in Oct 2025, remediation is underway. https://t.co/0XymddXiR3
@threatcluster
13 Jan 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 Critical flaw in ServiceNow AI reveals enterprise blind spots WHAT PEOPLE SAW ServiceNow recently patched a critical vulnerability, CVE-2025-12420, in its AI Platform. On the surface, it seemed like a routine update to fix a bug before any exploits happened. WHAT WAS https
@photogrim_
13 Jan 2026
62 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical ServiceNow AI Platform Bug Lets Unauthenticated Attackers Impersonate Users (CVE-2025-12420) A CVSS 9.3 flaw in ServiceNow’s AI Platform can allow unauthenticated user impersonation, enabling privilege escalation and any actions permitted to the targeted account (
@ThreatSynop
13 Jan 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-12420 (CVSS 9.3): Unauthenticated Privilege Escalation in ServiceNow AI Platform ServiceNow is vulnerable to unauthenticated privilege escalation in its AI Platform, allowing attackers to impersonate users and perform unauthorized actions without authentication. ht
@zoomeye_team
13 Jan 2026
5683 Impressions
24 Retweets
63 Likes
30 Bookmarks
0 Replies
1 Quote
ServiceNow's AI got hacked - CVE-2025-12420 allows unauthenticated users to impersonate anyone. Time to patch before the bad guys take control. #servicenow #cybersecurity #cve #vulnerability https://t.co/KLTuSJJsbQ
@xplain_it_again
13 Jan 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12420 A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations tha… https://t.co/Fn7UedEo6D
@CVEnew
12 Jan 2026
194 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes