PT-2026-2305 · Servicenow · Servicenow Ai Platform

Published: 2026-01-12 · Updated: 2026-04-25 · CVE-2025-12420

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

- ServiceNow AI Platform versions prior to October 30, 2025
- Now Assist AI Agents versions prior to 5.1.18 or 5.2.19
- Virtual Agent API versions prior to 3.15.2 or 4.0.4
Description

A critical vulnerability (CVE-2025-12420) exists in the ServiceNow AI Platform that allows an unauthenticated attacker to impersonate legitimate users and perform actions with the victim's permissions, including potential privilege escalation and access to sensitive data. The vulnerability stems from broken access controls within the AI components, specifically Now Assist AI Agents and the Virtual Agent API, and allows attackers to bypass multi-factor authentication (MFA) and single sign-on (SSO) mechanisms. The root cause is related to a shared provider token and insecure auto-linking logic. The vulnerability was discovered by AppOmni and addressed by ServiceNow with security updates deployed to hosted instances in October 2025, with updates also provided to self-hosted customers and partners. No active exploitation has been confirmed, but the potential impact is significant.
Recommendations

- Update Now Assist AI Agents to version 5.1.18 or 5.2.19.
- Update Virtual Agent API to version 3.15.2 or 4.0.4.
- Ensure all ServiceNow AI Platform instances are updated to the latest patched versions.
- Review agent configurations to prevent unauthorized access and privilege escalation.
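The recommendations above give fixed versions on two release branches for each component, so an administrator with several instances needs to decide per instance whether the installed version is at or above the fix for its branch. The following check is an added example, not ServiceNow's or AppOmni's code. It assumes (the page does not say this) that each fixed version closes its own release branch (5.1.x, 5.2.x, 3.15.x, 4.0.x), treats versions on a branch older than every fixed branch as unpatched, and reports versions on a newer, unlisted branch as unknown so a person confirms them instead of the script guessing. The inventory in `main()` is constructed sample data.

```python
"""Remediation check for CVE-2025-12420 against the fixed versions in the advisory.

Added example (not ServiceNow's or AppOmni's code). Assumption, not stated on the
page: each fixed version applies to its own release branch (major.minor).
"""
from typing import Dict, Tuple

Version = Tuple[int, ...]

# Fixed releases named in the advisory's Recommendations, keyed by component.
FIXED_VERSIONS: Dict[str, Tuple[str, ...]] = {
    "Now Assist AI Agents": ("5.1.18", "5.2.19"),
    "Virtual Agent API": ("3.15.2", "4.0.4"),
}


def parse_version(text: str) -> Version:
    """Turn '5.1.18' into (5, 1, 18); reject anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def branch(v: Version) -> Version:
    """Release branch of a version: its first two components (major, minor)."""
    return v[:2]


def assess(component: str, installed: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one installed component.

    Tuple comparison gives numeric ordering, so (5, 1, 18) >= (5, 1, 18) and
    (5, 2, 3) < (5, 2, 19) behave as a version comparison should.
    """
    if component not in FIXED_VERSIONS:
        raise KeyError(f"no fix data for {component!r}")
    v = parse_version(installed)
    fixed = sorted(parse_version(f) for f in FIXED_VERSIONS[component])
    for f in fixed:
        if branch(v) == branch(f):
            return "patched" if v >= f else "vulnerable"
    if branch(v) < branch(fixed[0]):
        return "vulnerable"  # older than any branch that received a fix
    return "unknown"  # branch not listed in the advisory; confirm by hand


def assess_inventory(inventory: Dict[str, Dict[str, str]]) -> Dict[str, Dict[str, str]]:
    """Map {instance: {component: version}} to {instance: {component: status}}."""
    return {
        instance: {comp: assess(comp, ver) for comp, ver in components.items()}
        for instance, components in inventory.items()
    }


def needs_action(report: Dict[str, Dict[str, str]]) -> Dict[str, Dict[str, str]]:
    """Keep only instances with at least one non-'patched' component."""
    return {
        instance: statuses
        for instance, statuses in report.items()
        if any(status != "patched" for status in statuses.values())
    }


def main() -> None:
    # Constructed sample inventory; instance names and versions are made up.
    inventory = {
        "dev-instance": {"Now Assist AI Agents": "5.1.17", "Virtual Agent API": "3.15.2"},
        "prod-instance": {"Now Assist AI Agents": "5.2.19", "Virtual Agent API": "4.0.4"},
        "lab-instance": {"Now Assist AI Agents": "5.3.0", "Virtual Agent API": "3.14.9"},
    }
    report = assess_inventory(inventory)
    for instance, statuses in needs_action(report).items():
        for component, status in statuses.items():
            if status != "patched":
                print(f"{instance}: {component} is {status}")


if __name__ == "__main__":
    main()
```

Run it against an export of your instances' component versions; anything reported as "unknown" is a branch the advisory does not name and should be checked against ServiceNow's release notes rather than assumed fixed.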

Tags: Fix · LPE · Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2025-12420

Affected Products: Servicenow Ai Platform