
Dubbed “BodySnatcher,” this authentication flaw allows unauthenticated attackers to impersonate any ServiceNow user using only their email address.
The vulnerability completely bypasses multi-factor authentication (MFA) and single sign-on (SSO) controls, enabling attackers to execute privileged AI workflows and establish persistent backdoor access through malicious administrator accounts.
Vulnerability Mechanism
The BodySnatcher exploit chains two critical security misconfigurations within ServiceNow’s AI agent infrastructure.

First, all ServiceNow instances worldwide ship with an identical static client secret hardcoded in AI Agent channel providers, creating a universal authentication bypass mechanism.
Second, the auto-linking mechanism for account association requires only an email address, without enforcing MFA, allowing any attacker with the shared token to impersonate legitimate users.
The attack unfolds in two stages. An attacker begins by sending an HTTP POST request to the /api/sn_va_as_service/bot/integration endpoint, supplying the hardcoded shared token “servicenowexternalagent” and the target’s email address.
The auto-linking mechanism automatically associates this external request with the legitimate ServiceNow user account.
After waiting 8-10 seconds for the AI agent’s confirmation, the attacker sends a follow-up payload that authorizes malicious actions, such as user creation, role assignment, or password reset, via standard workflows.
In proof-of-concept demonstrations, attackers successfully created administrator accounts, assigned elevated privileges, and gained complete platform control without possessing legitimate credentials or authenticating through SSO.
This is a complete authentication bypass for any on-premise ServiceNow deployment running an affected version; the summary table below lists cloud customers as unaffected.
As part of the fix, ServiceNow removed the Record Management AI Agent from default installations, but custom agents an organization has built remain exposed if they are misconfigured in the same way.
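The two-stage pattern described above (a linking POST to the integration endpoint, then an action payload roughly 8-10 seconds later) is something a SOC can look for in proxy logs while patches roll out. The following detection sketch is an added example, not code from the article or from ServiceNow. It assumes a combined-format access log from a reverse proxy in front of the instance; the log lines, the `KNOWN_PROVIDER_IPS` allowlist and the follow-up window are constructed for illustration and should be replaced with your own environment's values.

```python
"""Flag BodySnatcher-style use of the Virtual Agent integration endpoint.

Added example (not the article's or ServiceNow's code). Assumes an
Apache/nginx combined-format access log from a proxy in front of the
instance; all sample data below is constructed.
"""
import re
from datetime import datetime, timedelta

ENDPOINT = "/api/sn_va_as_service/bot/integration"

# Hypothetical allowlist: the source addresses your legitimate channel
# provider actually posts from. Anything else hitting the endpoint is odd.
KNOWN_PROVIDER_IPS = {"10.0.5.20"}

# The write-up describes an 8-10 s pause between the linking request and the
# action payload; the window is widened a little so a slow agent is not missed.
FOLLOWUP_WINDOW = (timedelta(seconds=5), timedelta(seconds=20))

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one legitimate provider call, one two-step sequence from
# an unknown address 9 s apart, and an unrelated request.
SAMPLE_LOG = [
    '10.0.5.20 - - [14/Jan/2026:09:00:01 +0000] "POST /api/sn_va_as_service/bot/integration HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Jan/2026:09:15:30 +0000] "POST /api/sn_va_as_service/bot/integration HTTP/1.1" 200 311',
    '203.0.113.7 - - [14/Jan/2026:09:15:39 +0000] "POST /api/sn_va_as_service/bot/integration HTTP/1.1" 200 298',
    '198.51.100.4 - - [14/Jan/2026:09:20:00 +0000] "GET /api/now/table/incident HTTP/1.1" 200 1024',
]


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],  # drop any query string
        "status": int(m["status"]),
    }


def find_suspicious(lines):
    """Return (ip, reason) findings for POSTs to the integration endpoint.

    Two signals: a source that is not the known provider, and a pair of
    POSTs from one source spaced like the link-then-act sequence.
    """
    by_ip = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != ENDPOINT:
            continue
        by_ip.setdefault(rec["ip"], []).append(rec)

    findings = []
    for ip, recs in by_ip.items():
        if ip not in KNOWN_PROVIDER_IPS:
            findings.append((ip, "integration POST from unlisted source"))
        recs.sort(key=lambda r: r["ts"])
        for first, second in zip(recs, recs[1:]):
            gap = second["ts"] - first["ts"]
            if FOLLOWUP_WINDOW[0] <= gap <= FOLLOWUP_WINDOW[1]:
                findings.append((ip, f"link request followed by payload after {gap.seconds}s"))
                break
    return findings


if __name__ == "__main__":
    for ip, reason in find_suspicious(SAMPLE_LOG):
        print(f"{ip}: {reason}")
```

Run it against real proxy logs by replacing `SAMPLE_LOG` with the file's lines; the status code is parsed so you can additionally restrict to `200` responses if the volume of failed probes is high. The timing heuristic is deliberately loose and should be paired with the allowlist signal rather than used alone.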

On-premise customers should immediately upgrade to patched versions. Security teams must enforce MFA for Virtual Agent provider account linking, establish mandatory approval workflows for AI agent deployments through AI Control Tower, and conduct quarterly audits to identify unused AI agents.
| Metric | Details |
|---|---|
| CVE Identifier | CVE-2025-12420 |
| Vulnerability Type | Broken Authentication & Agentic Hijacking |
| CVSS Severity | Critical |
| Attack Vector | Network-based, Unauthenticated |
| Affected Systems | ServiceNow On-Premise (Cloud customers unaffected) |
| Authentication Required | No |
| User Interaction Required | No |
Affected Versions and Patch Timeline
| Application | Affected Versions | Fixed Versions | Patch Date |
|---|---|---|---|
| Now Assist AI Agents (sn_aia) | 5.0.24 – 5.1.17, 5.2.0 – 5.2.18 | 5.1.18, 5.2.19 | January 2026 |
| Virtual Agent API (sn_va_as_service) | ≤ 3.15.1, 4.0.0 – 4.0.3 | 3.15.2, 4.0.4 | January 2026 |
Organizations running affected ServiceNow versions should prioritize patching to prevent account takeover attacks targeting critical IT service management and AI automation workflows.
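Deciding whether an instance is in one of the affected ranges above is easy to get wrong with plain string comparison (as a string, "5.2.2" sorts after "5.2.18"). The following added example, which is not ServiceNow tooling, encodes the table's ranges and fixed versions and compares numeric version tuples; the `SAMPLE_INVENTORY` of installed plugin versions is constructed, and the lower bound `0.0.0` for the open-ended "≤ 3.15.1" range is an assumption.

```python
"""Check installed plugin versions against the affected ranges in the advisory.

Added example, not ServiceNow's code. Feed it the versions your instance
reports for the sn_aia and sn_va_as_service plugins.
"""
import re

# (affected low, affected high, fixed version) taken from the patch table.
# The "<= 3.15.1" range has no stated lower bound, so 0.0.0 is assumed.
AFFECTED = {
    "sn_aia": [("5.0.24", "5.1.17", "5.1.18"), ("5.2.0", "5.2.18", "5.2.19")],
    "sn_va_as_service": [("0.0.0", "3.15.1", "3.15.2"), ("4.0.0", "4.0.3", "4.0.4")],
}

# Constructed inventory: one vulnerable plugin, one already on a fixed build.
SAMPLE_INVENTORY = {"sn_aia": "5.2.2", "sn_va_as_service": "4.0.4"}


def parse_version(v):
    """Turn '5.2.18' (or '5.2.18-hotfix') into a comparable tuple of ints."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def check(plugin, version):
    """Return the fixed version to move to, or None if the version is not affected."""
    if plugin not in AFFECTED:
        raise ValueError(f"no advisory data for plugin {plugin!r}")
    v = parse_version(version)
    for lo, hi, fix in AFFECTED[plugin]:
        if parse_version(lo) <= v <= parse_version(hi):
            return fix
    return None


def audit(inventory):
    """inventory: {plugin: installed version}. Returns [(plugin, installed, fix)]."""
    findings = []
    for plugin, installed in inventory.items():
        fix = check(plugin, installed)
        if fix is not None:
            findings.append((plugin, installed, fix))
    return findings


if __name__ == "__main__":
    for plugin, installed, fix in audit(SAMPLE_INVENTORY):
        print(f"{plugin} {installed} is affected; upgrade to {fix}")
```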
The post BodySnatcher Vulnerability Allows Attackers to Impersonate Any ServiceNow User appeared first on Cyber Security News.
