The flaw, tracked as CVE-2025-12420, allows unauthenticated attackers to impersonate legitimate users and execute unauthorized operations leveraging the compromised account’s permissions, a dangerous capability that could grant threat actors unfettered access to sensitive business functions.
The vulnerability was identified by AppOmni, a leading SaaS security firm, which responsibly reported it to ServiceNow in October 2025 via coordinated disclosure channels.
ServiceNow responded with commendable speed, deploying security patches to its hosted instances by October 30, 2025, while simultaneously providing updates to partners and customers operating self-hosted deployments.
Nevertheless, the company remains vigilant, noting no confirmed active exploitation in the wild despite heightened risk following public disclosure.
Two critical applications require immediate attention. The Now Assist AI Agents application demands patching to version 5.1.18 or later, or alternatively, version 5.2.19 or later.
The Virtual Agent API also requires an update to version 3.15.2 or later, or to version 4.0.4 or later.
ServiceNow has emphasized the urgency of these updates in its knowledge base, which provides comprehensive security maintenance guidance for both hosted and self-hosted environments.
Organizations utilizing ServiceNow’s AI capabilities for business-critical operations should prioritize patching efforts immediately.
The privilege escalation vector poses a particularly acute threat, as attackers could pivot from initial compromise to accessing resources with the impersonated user’s role and permissions.
This creates cascading risks across interconnected systems and sensitive data repositories.
Security teams should verify their current ServiceNow deployments against the affected versions and initiate patch deployment without delay.
Given the vulnerability’s unauthenticated attack vector and high severity, this should be a top priority in organizational remediation workflows.
ServiceNow’s rapid response and patch availability reduce the window for exploitation, but proactive patching remains essential to eliminate attack vectors before sophisticated threat actors can develop weaponized exploits.
| Field | Value |
|---|---|
| CVE ID | CVE-2025-12420 |
| Vulnerability Type | Privilege Escalation |
| Affected Product | ServiceNow AI Platform |
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post Critical ServiceNow Vulnerability Enables Privilege Escalation via Unauthenticated User Impersonation appeared first on Cyber Security News.
Originally announced at a Nintendo Direct all the way back in March 2025, Rhythm Heaven…
If you, like me, are looking to complete your Pokémon TCG binder, we may have…
Audiences are really loving Project Hail Mary’s Rocky, the sentient rock-based alien lifeform who charms…
Mozilla has released Firefox 150, addressing 41 security vulnerabilities, including multiple high-severity flaws that could…
A critical security vulnerability, tracked as CVE-2026-22752, has been discovered in Spring Security Authorization Server,…
Cybersecurity organization SEAL (Security Alliance) has issued a critical warning about a sustained and escalating…
This website uses cookies.