ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence (AI) Platform that could allow an unauthenticated user to impersonate another user and perform arbitrary actions as that user.
The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0. It has been codenamed BodySnatcher by AppOmni.
“This issue […] could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform,” the company said in an advisory released Monday.
The shortcoming was addressed by ServiceNow on October 30, 2025, by deploying a security update to the majority of hosted instances, with the company also sharing the patches with ServiceNow partners and self-hosted customers.

The following versions include a fix for CVE-2025-12420 –
- Now Assist AI Agents (sn_aia) – 5.1.18 or later and 5.2.19 or later
- Virtual Agent API (sn_va_as_service) – 3.15.2 or later and 4.0.4 or later
ServiceNow credited Aaron Costello, Chief of SaaS Security Research at AppOmni, with discovering and reporting the flaw in October 2025. While there is no evidence that the vulnerability has been exploited in the wild, users are advised to apply an appropriate security update as soon as possible to mitigate potential threats.
“BodySnatcher is the most severe AI-driven vulnerability uncovered to date: Attackers could have effectively ‘remote controlled’ an organization’s AI, weaponizing the very tools meant to simplify the enterprise,” Costello told The Hacker News.
In a separate report, AppOmni said the Virtual Agent integration flaw allows unauthenticated attackers to impersonate any ServiceNow user using only an email address, bypassing multi-factor authentication (MFA) and single sign-on (SSO) protections. Successful exploitation could allow a threat actor to impersonate an administrator and execute an AI agent to subvert security controls and create backdoor accounts with elevated privileges.
“By chaining a hardcoded, platform-wide secret with account-linking logic that trusts a simple email address, an attacker can bypass multi-factor authentication (MFA), single sign-on (SSO), and other access controls,” Costello added. “And it is the most severe AI-driven security vulnerability uncovered to date. With these weaknesses linked together, the attacker can remotely drive privileged agentic workflows as any user.”
The disclosure comes nearly two months after AppOmni revealed that malicious actors can exploit default configurations in ServiceNow’s Now Assist generative AI platform and leverage its agentic capabilities to conduct second-order prompt injection attacks.
The issue could then be weaponized to execute unauthorized actions, enabling attackers to copy and exfiltrate sensitive corporate data, modify records, and escalate privileges.
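The weakness class Costello describes, an account-linking step that authenticates the calling integration with one hardcoded secret shared across every tenant and then trusts whatever email address the caller supplies, can be shown side by side with a hardened design. The following is an added example written for this page; it is not ServiceNow's or AppOmni's code, it says nothing about how the real Virtual Agent integration is implemented, and all names and values in it (`weak_link_account`, `hardened_link_account`, `issue_assertion`, `tamper_subject`, `USERS`, the secret and key strings) are hypothetical, with a constructed user directory as input. The hardened variant requires a per-tenant key and a short-lived HMAC-signed assertion that an identity provider would issue only after the user has completed SSO/MFA, and it rejects tampered, forged, expired and replayed assertions.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample directory for a hypothetical tenant (not real data).
USERS = {
    "admin@example.com": {"sys_id": "u001", "roles": ["admin"]},
    "jdoe@example.com": {"sys_id": "u002", "roles": ["itil"]},
}

# ---- Weak pattern: platform-wide secret + caller-supplied email ---------
# Hypothetical value. The flaw is structural: it is the same on every tenant
# and ships with the platform, so it is a credential anyone can obtain.
HARDCODED_PLATFORM_SECRET = "platform-wide-shared-secret"


def weak_link_account(request):
    """Link the caller's session to a user. Returns the user record or None.

    Two defects: the 'secret' is not tenant-specific, and the 'email' is taken
    on faith. MFA and SSO never run because the user never signs in here.
    """
    if not hmac.compare_digest(request.get("secret", ""), HARDCODED_PLATFORM_SECRET):
        return None
    return USERS.get(request.get("email"))


# ---- Hardened pattern: per-tenant key + signed, short-lived assertion ---
def _b64e(raw):
    return base64.urlsafe_b64encode(raw).decode()


def _b64d(text):
    return base64.urlsafe_b64decode(text.encode())


def issue_assertion(tenant_key, subject, now, ttl=300):
    """Stand-in for the identity provider: after the user has passed SSO/MFA,
    it signs who they are and for how long with this tenant's private key."""
    payload = json.dumps({"sub": subject, "iat": now, "exp": now + ttl},
                         sort_keys=True).encode()
    sig = hmac.new(tenant_key, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(sig)


_SEEN_ASSERTIONS = set()  # replay cache; production code would key on a jti with expiry


def hardened_link_account(assertion, tenant_key, now):
    """Link only on a valid, unexpired, unreplayed assertion under this tenant's key."""
    try:
        payload_b64, sig_b64 = assertion.split(".")
        payload, sig = _b64d(payload_b64), _b64d(sig_b64)
    except (ValueError, TypeError):
        return None  # malformed
    expected = hmac.new(tenant_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # forged or tampered, e.g. signed under another tenant's key
    claims = json.loads(payload)
    iat, exp, sub = claims.get("iat"), claims.get("exp"), claims.get("sub")
    if not (isinstance(iat, int) and isinstance(exp, int) and iat <= now < exp):
        return None  # expired or not yet valid
    if assertion in _SEEN_ASSERTIONS:
        return None  # replayed
    _SEEN_ASSERTIONS.add(assertion)
    return USERS.get(sub)


def tamper_subject(assertion, new_subject):
    """What an attacker without the key can try: swap the subject, keep the signature."""
    payload_b64, sig_b64 = assertion.split(".")
    claims = json.loads(_b64d(payload_b64))
    claims["sub"] = new_subject
    return _b64e(json.dumps(claims, sort_keys=True).encode()) + "." + sig_b64


if __name__ == "__main__":
    key, now = b"tenant-A-key", 1_700_000_000
    # Weak design: knowing the shared secret is enough to become the admin.
    print(weak_link_account({"secret": HARDCODED_PLATFORM_SECRET, "email": "admin@example.com"}))
    # Hardened design: a genuine assertion links once; a re-targeted one is refused.
    good = issue_assertion(key, "jdoe@example.com", now)
    print(hardened_link_account(good, key, now + 5))
    print(hardened_link_account(tamper_subject(good, "admin@example.com"), key, now + 5))
```

When reviewing an integration of this kind, the two questions the weak variant answers badly are the ones to ask: is there any secret that is identical across tenants or that lives in shipped code, and is there any step where the user identity being linked comes from the caller rather than from an assertion the identity provider signed for that tenant. If either answer is yes, MFA and SSO on the front door do not protect the account-linking path.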

