ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

These articles are AI-generated summaries. Please check the original sources for full details.

ServiceNow AI Platform Vulnerability: CVE-2025-12420

ServiceNow addressed a critical vulnerability (CVE-2025-12420) in its AI Platform, dubbed “BodySnatcher” by AppOmni, which permitted unauthenticated user impersonation. The flaw, with a CVSS score of 9.3, potentially allowed attackers to perform actions with the privileges of any user.

Why This Matters

Ideal access control models assume strong authentication and authorization, but real-world implementations often contain vulnerabilities like hardcoded secrets or flawed account linking logic. This flaw demonstrates how a combination of these issues can bypass MFA and SSO, leading to complete account takeover and potentially significant data breaches or system compromise – a risk amplified by the increasing reliance on AI-driven automation within enterprise systems.

Key Insights

  • CVE-2025-12420, 2025: A critical vulnerability in ServiceNow’s AI Platform allowed unauthenticated impersonation.
  • Second-order prompt injection: Exploiting default configurations in generative AI platforms to execute unauthorized actions.
  • AppOmni research, 2025: Discovered and reported the vulnerability, highlighting the risks associated with AI platform security.

Working Example

# No code example available in the provided context.

Practical Applications

  • Use Case: ServiceNow instances utilizing Now Assist AI Agents or Virtual Agent API require immediate patching to prevent unauthorized access.
  • Pitfall: Trusting email addresses as a primary authentication factor, particularly when integrated with AI agents, can bypass robust security controls like MFA and SSO.
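An added illustration of the pitfall above (not code from the original article, nor ServiceNow's or AppOmni's): an identity-resolution step that treats an email claim as the principal, beside one that only trusts a signed assertion and links the account on the identity provider's issuer and subject. The user table, the `Assertion` type and the sample assertions are constructed assumptions.

```python
# Constructed example of account-linking logic; not ServiceNow code.
from dataclasses import dataclass

# Constructed user directory: each record is bound to an IdP identity by
# (issuer, subject). The email column is contact information, not identity.
USERS = {
    "u1": {"email": "alice@example.com", "idp_link": ("https://idp.example", "sub-alice")},
    "u2": {"email": "admin@example.com", "idp_link": ("https://idp.example", "sub-admin")},
}

@dataclass
class Assertion:
    issuer: str
    subject: str
    email: str
    signature_valid: bool  # outcome of a real signature check assumed to run upstream

def resolve_user_weak(assertion: Assertion):
    """Weak pattern: whoever supplies an email address is logged in as the
    matching user. Nothing here checks that an IdP vouched for the caller, so
    MFA and SSO enforced at the IdP are never exercised."""
    for uid, rec in USERS.items():
        if rec["email"].lower() == assertion.email.lower():
            return uid
    return None

def resolve_user_hardened(assertion: Assertion):
    """Hardened pattern: only a signed assertion is considered, and the
    principal is the (issuer, subject) pair the IdP asserts. An email that
    happens to match an existing user never creates or selects a link."""
    if not assertion.signature_valid:
        return None
    for uid, rec in USERS.items():
        if rec["idp_link"] == (assertion.issuer, assertion.subject):
            return uid
    # Unknown identity: no silent auto-link on email; an explicit, authenticated
    # linking step is required before this subject maps to any account.
    return None
```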
