BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

ServiceNow AI critical bug allows impersonation, actions now

Critical ServiceNow AI-platform impersonation flaw (CVE-2025-12420, CVSS 9.3) patched — admins must update Now Assist and Virtual Agent components.

  • ServiceNow patched a critical impersonation flaw in its AI platform, tracked as CVE-2025-12420 (CVSS 9.3).
  • The bug could allow an unauthenticated attacker to act as another user and perform that user’s permitted actions.
  • Patches were deployed to most hosted instances on October 30, 2025, and fixes were provided to partners and self-hosted customers.
  • Fixed component versions include Now Assist AI Agents (sn_aia) and Virtual Agent API (sn_va_as_service); administrators should apply updates immediately.

ServiceNow disclosed a critical vulnerability in its ServiceNow AI Platform that could let an unauthenticated actor impersonate another user and execute that user’s permitted operations. The flaw is tracked as CVE-2025-12420 and has a CVSS score of 9.3.

- Advertisement -

The company, in an advisory, stated the issue’s impact and mitigation steps. “This issue […] could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform,” the advisory said.

ServiceNow rolled out a security update to the majority of hosted instances on October 30, 2025, and shared patches with partners and self-hosted customers. There is no evidence the vulnerability has been exploited in the wild, but users are urged to apply updates quickly to reduce risk.

The fixes appear in specific component versions: Now Assist AI Agents (sn_aia) — 5.1.18 or later and 5.2.19 or later — and Virtual Agent API (sn_va_as_service) — 3.15.2 or later and 4.0.4 or later. Administrators should verify installed versions and upgrade to the listed releases.

Aaron Costello, chief of SaaS Security Research at AppOmni, discovered and reported the flaw in October 2025. This disclosure follows AppOmni’s earlier findings that default Now Assist configurations could enable second-order prompt injection attacks, which can be used to copy data, modify records, or escalate privileges.

- Advertisement -

Apply the provided security updates and review AI-agent configurations to limit exposure. The advisory linked above contains ServiceNow’s remediation guidance and version details.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

ECB: Stablecoin growth puts European bank deposits at risk

ECB board member Piero Cipollone warned Friday that stablecoin growth could strip European banks...

Tesla Launches Megacharger Network with Bloomington Station

Tesla opened a new public Megacharger station in Bloomington, California, calling it the start...

Apple Overtakes Nvidia as World’s Most Valuable Public Company

Apple briefly surpassed NVIDIA as the world’s most valuable publicly traded company, hitting an...

Galaxy Digital buys naming rights to Texas Tech stadium in 15-year deal

Galaxy Digital signed a 15-year naming rights deal with Texas Tech, renaming the football...

ViteVenom: 7 Malicious npm Packages Target Vite Ecosystem

Researchers at Checkmarx uncovered the ViteVenom campaign, a software supply chain attack using seven...

Must Read

The Ultimate Guide on How to Understand a Cryptocurrency White Paper

Today, cryptocurrency is a popular buzzword. We hear about it on the news, we read about it on the Internet. Yet, people are reluctant to...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading