ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user.
The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0
“This issue […] could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform,” the company said in an advisory released Monday.
The shortcoming was addressed by ServiceNow on October 30, 2025, by deploying a security update to the majority of hosted instances, with the company also sharing the patches with ServiceNow partners and self-hosted customers.
The following versions include a fix for CVE-2025-12420 –
- Now Assist AI Agents (sn_aia) – 5.1.18 or later and 5.2.19 or later
- Virtual Agent API (sn_va_as_service) – 3.15.2 or later and 4.0.4 or later
ServiceNow credited Aaron Costello, chief of SaaS Security Research at AppOmni, with discovering and reporting the flaw in October 2025. While there is no evidence that the vulnerability has been exploited in the wild, users are advised to apply an appropriate security update as soon as possible to mitigate potential threats.
The disclosure comes nearly two months after AppOmni revealed that malicious actors can exploit default configurations in ServiceNow’s Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct second-order prompt injection attacks.
The issue could then be weaponized to execute unauthorized actions, enabling attackers to copy and exfiltrate sensitive corporate data, modify records, and escalate privileges.
