The flaw, tracked as CVE-2025-12420, allows unauthenticated attackers to impersonate legitimate users and execute unauthorized operations leveraging the compromised account’s permissions, a dangerous capability that could grant threat actors unfettered access to sensitive business functions.
The vulnerability was identified by AppOmni, a leading SaaS security firm, which responsibly reported it to ServiceNow in October 2025 via coordinated disclosure channels.
ServiceNow responded with commendable speed, deploying security patches to its hosted instances by October 30, 2025, while simultaneously providing updates to partners and customers operating self-hosted deployments.
ServiceNow reports no confirmed active exploitation in the wild, but it continues to monitor, since the risk is heightened now that the flaw has been publicly disclosed.
Two critical applications require immediate attention. The Now Assist AI Agents application demands patching to version 5.1.18 or later, or alternatively, version 5.2.19 or later.
The Virtual Agent API also requires an update to version 3.15.2 or later, or to version 4.0.4 or later.
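The two applications and their fixed builds above are what a security team has to check an inventory against. The following is an added example, not ServiceNow's or AppOmni's code: it takes the fixed versions stated in this article and classifies installed builds as patched, vulnerable, or on a release branch the advisory does not name. The inventory at the bottom is constructed sample data; the application names are used only as labels.

```python
"""Branch-aware version check for the CVE-2025-12420 fixed releases.

Added example, not ServiceNow's or AppOmni's code. The fixed builds come
from the advisory text; the installed versions fed in are constructed
sample data.
"""
from __future__ import annotations

# Fixed releases named in the advisory, grouped by application. Each entry
# defines a release branch (major.minor) and the first remediated build on it.
FIXED_VERSIONS = {
    "Now Assist AI Agents": ["5.1.18", "5.2.19"],
    "Virtual Agent API": ["3.15.2", "4.0.4"],
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '5.1.18' into (5, 1, 18); reject anything that is not dotted digits."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(app: str, installed: str) -> str:
    """Classify an installed build as 'patched', 'vulnerable' or 'unlisted'.

    - Same branch as a fixed build: compare build numbers directly.
    - Older than every fixed build the advisory names: vulnerable.
    - Any other branch (for example a newer major.minor): 'unlisted', because
      the advisory gives no fixed build for it; confirm against ServiceNow's
      knowledge base instead of assuming it is safe.
    """
    if app not in FIXED_VERSIONS:
        raise KeyError(f"no fixed versions recorded for {app!r}")
    have = parse_version(installed)
    fixed_builds = [parse_version(v) for v in FIXED_VERSIONS[app]]
    for fixed in fixed_builds:
        if have[:2] == fixed[:2]:
            # Tuple comparison handles shorter strings: (5, 1) < (5, 1, 18).
            return "patched" if have >= fixed else "vulnerable"
    if have < min(fixed_builds):
        return "vulnerable"
    return "unlisted"


def triage(inventory: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Group an (application, installed version) inventory by assessment."""
    buckets: dict[str, list[str]] = {"patched": [], "vulnerable": [], "unlisted": []}
    for app, version in inventory:
        buckets[assess(app, version)].append(f"{app} {version}")
    return buckets


if __name__ == "__main__":
    # Constructed sample inventory, not data from any real deployment.
    sample = [
        ("Now Assist AI Agents", "5.1.17"),
        ("Now Assist AI Agents", "5.2.19"),
        ("Now Assist AI Agents", "5.0.9"),
        ("Virtual Agent API", "3.15.2"),
        ("Virtual Agent API", "4.0.3"),
        ("Virtual Agent API", "4.1.0"),
    ]
    for status, items in triage(sample).items():
        print(f"{status}: {items}")
```

The "unlisted" bucket is deliberate: a build on a branch the advisory never mentions is not evidence of remediation, and the script refuses to guess. Feed it the application versions pulled from each instance and treat anything outside "patched" as work to schedule.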
ServiceNow has emphasized the urgency of these updates in its knowledge base, which provides comprehensive security maintenance guidance for both hosted and self-hosted environments.
Organizations utilizing ServiceNow’s AI capabilities for business-critical operations should prioritize patching efforts immediately.
The privilege escalation vector poses a particularly acute threat, as attackers could pivot from initial compromise to accessing resources with the impersonated user’s role and permissions.
This creates cascading risks across interconnected systems and sensitive data repositories.
Security teams should verify their current ServiceNow deployments against the affected versions and initiate patch deployment without delay.
Given the vulnerability’s unauthenticated attack vector and high severity, this should be a top priority in organizational remediation workflows.
ServiceNow’s rapid response and patch availability reduce the window for exploitation, but proactive patching remains essential to eliminate attack vectors before sophisticated threat actors can develop weaponized exploits.
| Field | Value |
|---|---|
| CVE ID | CVE-2025-12420 |
| Vulnerability Type | Privilege Escalation |
| Affected Product | ServiceNow AI Platform |