CVE-2025-12420: Critical ServiceNow Flaw Enables Unauthenticated Impersonation
- Jan 13
Key Findings
A critical vulnerability (CVE-2025-12420) has been discovered in the ServiceNow AI Platform, allowing unauthenticated attackers to impersonate legitimate users.
The vulnerability has a severity score of 9.3 out of 10 and poses a significant risk of privilege escalation.
ServiceNow has released security updates to address the flaw, but self-hosted customers and partners need to take immediate action.
Background
CVE-2025-12420 is a failure in authentication checks that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform.
The flaw was discovered by the SaaS security firm AppOmni, with collaboration from researcher Aaron Costello.
The vulnerability affects specific ServiceNow Store Applications, including Now Assist AI Agents (sn_aia) and Virtual Agent API (sn_va_as_service).
Impact
Successful exploitation could lead to unauthorized access to sensitive corporate data, disruption of IT operations, and compromise of business processes automated via Now Assist AI Agents.
The impersonation capability allows attackers to bypass normal authentication and authorization controls, potentially leading to data breaches involving personal data protected under GDPR.
Operationally, attackers could manipulate workflows, escalate privileges, or disrupt service delivery, impacting business continuity.
The risk is heightened in sectors with stringent compliance requirements, such as finance, healthcare, and government agencies prevalent across Europe.
Mitigation Recommendations
Organizations should immediately verify whether they are running an affected version of ServiceNow Now Assist AI Agents and apply the official security updates released by ServiceNow.
Access to AI agent functionalities should be restricted to the minimum necessary users, and multi-factor authentication (MFA) should be enforced for all administrative and privileged accounts.
Network segmentation and firewall rules should limit exposure of ServiceNow instances to trusted networks only.
Regular security assessments and penetration testing focused on ServiceNow environments can help identify residual risks.
Organizations should review and update incident response plans to include scenarios involving AI agent impersonation attacks.
Sources
https://securityonline.info/ai-identity-theft-critical-servicenow-flaw-cve-2025-12420-allows-unauthenticated-impersonation/
https://radar.offseq.com/threat/cve-2025-12420-vulnerability-in-servicenow-now-ass-62928d94

