
ServiceNow AI Platform Vulnerability Patched: Unauthenticated User Impersonation Risk Mitigated

ServiceNow has patched a critical security vulnerability in its AI Platform that could have allowed an unauthenticated user to impersonate a legitimate user and perform any action that user was permitted to perform. The flaw, tracked as CVE-2025-12420, carries a CVSS score of 9.3, indicating a severe risk to enterprise data and operations. ServiceNow moved quickly to deploy security updates, reducing the window in which the flaw could be exploited.

Key Takeaways

  • A critical vulnerability (CVE-2025-12420) in ServiceNow's AI Platform has been patched.

  • The flaw allowed unauthenticated users to impersonate other users and escalate privileges.

  • ServiceNow deployed security updates on October 30, 2025, to hosted instances and provided patches to partners and self-hosted customers.

  • Affected applications include Now Assist AI Agents and Virtual Agent API.

  • No evidence of active exploitation in the wild has been reported, but immediate patching is advised.

Critical Flaw Uncovered

The vulnerability, tracked as CVE-2025-12420, was discovered by Aaron Costello, Chief of SaaS Security Research at AppOmni, in October 2025. This critical flaw posed a significant threat, as it could enable an unauthenticated user to impersonate another user and execute any operations that the impersonated user was entitled to perform. This could lead to unauthorized access to sensitive corporate data, modification of records, and privilege escalation.

Swift Remediation Efforts

ServiceNow addressed the vulnerability on October 30, 2025, by deploying a security update to the majority of its hosted instances. The company also shared patches with its partners and customers operating self-hosted deployments. This rapid response aimed to minimize the window of opportunity for malicious actors.

Affected Applications and Patch Versions

The security update resolves CVE-2025-12420 in the following applications:

  • Now Assist AI Agents (sn_aia): Version 5.1.18 or later, and 5.2.19 or later.

  • Virtual Agent API (sn_va_as_service): Version 3.15.2 or later, and 4.0.4 or later.

ServiceNow strongly advises all customers to apply the appropriate security updates or upgrade to the patched versions as soon as possible to ensure their environments are protected.
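A quick way to check an instance inventory against the fixed versions listed above, as an added example that is not ServiceNow's or AppOmni's code: it compares installed plugin versions numerically, per release line, and flags any release line the advisory does not mention for manual review. The inventory dictionary and the sample versions in it are constructed for illustration.

```python
"""Check installed ServiceNow app versions against the CVE-2025-12420 fixed releases."""
from __future__ import annotations

# Fixed versions as stated in the advisory: (release-line prefix, minimum fixed version).
FIXED_VERSIONS = {
    "sn_aia": [((5, 1), (5, 1, 18)), ((5, 2), (5, 2, 19))],
    "sn_va_as_service": [((3, 15), (3, 15, 2)), ((4, 0), (4, 0, 4))],
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '5.1.18' into (5, 1, 18) so comparison is numeric, not lexical ('5.1.9' < '5.1.18')."""
    return tuple(int(part) for part in text.strip().split("."))


def assess(app: str, version: str) -> str:
    """Return 'patched', 'vulnerable', 'unknown-branch' or 'not-listed' for one installed app."""
    lines = FIXED_VERSIONS.get(app)
    if lines is None:
        return "not-listed"  # application not named in the advisory
    installed = parse_version(version)
    for prefix, minimum in lines:
        if installed[: len(prefix)] == prefix:
            return "patched" if installed >= minimum else "vulnerable"
    # A release line the advisory does not mention (e.g. 5.0.x): needs manual review.
    return "unknown-branch"


def assess_inventory(inventory: dict[str, str]) -> dict[str, str]:
    """Map each app in the inventory to its assessment."""
    return {app: assess(app, ver) for app, ver in inventory.items()}


# Constructed sample inventory (hypothetical, not taken from a real instance).
SAMPLE_INVENTORY = {
    "sn_aia": "5.1.17",
    "sn_va_as_service": "4.0.4",
}

if __name__ == "__main__":
    for app, status in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{app}: {SAMPLE_INVENTORY[app]} -> {status}")
```

On a real instance the inventory would come from the installed plugin/application list; anything reported as "vulnerable" or "unknown-branch" should be upgraded or reviewed.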

No Exploitation in the Wild, But Urgency Remains

While ServiceNow reports no evidence that the vulnerability has been exploited in the wild, the company stresses that customers should apply the security updates promptly. Public disclosure of a flaw this severe raises the likelihood of exploitation attempts, making immediate patching a top priority for organizations using ServiceNow's AI capabilities.
