A critical vulnerability has been uncovered in the ServiceNow AI Platform, potentially allowing unauthenticated attackers to masquerade as legitimate users. With a severity score of 9.3 out of 10, the flaw—tracked as CVE-2025-12420—poses a significant risk of privilege escalation, though ServiceNow has already deployed fixes to the majority of hosted instances.
The vulnerability was brought to light in October 2025 by the SaaS security firm AppOmni, with credit also going to researcher Aaron Costello for their collaboration in the disclosure process.
At the heart of this issue is a failure in authentication checks that could leave the door wide open for identity spoofing. According to the advisory, the vulnerability “could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform”.
Imagine an outsider being able to step into the digital shoes of a privileged employee without ever logging in—this is the scenario CVE-2025-12420 threatened to make a reality.
ServiceNow moved quickly to contain the threat. On October 30, 2025, the company released security updates that addressed the vulnerability for most of its hosted environment.
ServiceNow's advisory adds: “At this time, ServiceNow is unaware of this issue being exploited in the wild against customer instances”. However, the company warns against complacency, noting that “due to the potential for increased risk when vulnerabilities are publicly disclosed, we recommend that hosted and self-hosted customers review this advisory”.
While hosted instances have largely been patched, self-hosted customers and partners need to take immediate action to ensure their instances are secure. The vulnerability affects specific Store Applications, and updates have been released for the following:
- Now Assist AI Agents (sn_aia): Update to version 5.1.18 or later, or 5.2.19 or later.
- Virtual Agent API (sn_va_as_service): Update to version 3.15.2 or later, or 4.0.4 or later.
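Because each affected app has a separate fixed version per release branch, a simple "is my version high enough" comparison gets the answer wrong for anything on the other branch. The following is an added example (not ServiceNow's code, nor from the advisory) that triages a constructed inventory of installed Store Application versions against the fixed versions listed above; the app scope names and version thresholds come from the advisory, while the inventory records and the `assess`/`triage` helpers are assumptions of this example.

```python
# Added example: check installed Store Application versions against the
# fixed versions in the CVE-2025-12420 advisory. Versions are assumed to be
# dotted integers (e.g. "5.1.18"); anything else should be verified by hand.

# Fixed version per release branch (major, minor), taken from the advisory text.
FIXED_VERSIONS = {
    "sn_aia": {(5, 1): (5, 1, 18), (5, 2): (5, 2, 19)},            # Now Assist AI Agents
    "sn_va_as_service": {(3, 15): (3, 15, 2), (4, 0): (4, 0, 4)},  # Virtual Agent API
}

def parse_version(version: str) -> tuple:
    """Turn '5.1.18' into (5, 1, 18) so tuple comparison orders versions correctly."""
    return tuple(int(part) for part in version.strip().split("."))

def assess(app: str, installed: str) -> str:
    """Classify one installed app version.

    Returns 'patched', 'vulnerable', 'unknown-branch' (a branch the advisory does not
    list, so it must be checked manually) or 'not-affected' (app not in the advisory).
    """
    branches = FIXED_VERSIONS.get(app)
    if branches is None:
        return "not-affected"
    version = parse_version(installed)
    fixed = branches.get(version[:2])  # look up by (major, minor) branch
    if fixed is None:
        return "unknown-branch"
    return "patched" if version >= fixed else "vulnerable"

def triage(inventory: list) -> dict:
    """Group (instance, app, version) records by status, vulnerable ones first."""
    report = {"vulnerable": [], "unknown-branch": [], "patched": [], "not-affected": []}
    for instance, app, version in inventory:
        report[assess(app, version)].append(f"{instance}: {app} {version}")
    return report

# Constructed sample inventory for illustration; not real instance data.
SAMPLE_INVENTORY = [
    ("self-hosted-prod", "sn_aia", "5.1.12"),
    ("self-hosted-prod", "sn_va_as_service", "4.0.4"),
    ("self-hosted-dev", "sn_aia", "5.2.19"),
    ("self-hosted-dev", "sn_va_as_service", "3.15.1"),
    ("self-hosted-dev", "sn_aia", "5.3.0"),
]

if __name__ == "__main__":
    for status, items in triage(SAMPLE_INVENTORY).items():
        for item in items:
            print(f"{status:15} {item}")
```

Note that 5.1.20 counts as patched (it is at or above 5.1.18 on its branch) while 5.2.5 does not, and a branch the advisory does not mention is flagged rather than silently treated as safe.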