Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
India Bans Apps Used to Remotely Disable E-Rickshaws
July 3, 2026
The Future of Encryption: Top Post-Quantum Cryptography Solutions for 2026
July 3, 2026
Alibaba Bans Internal Use of Claude AI Over Backdoor Concerns
July 3, 2026
Home/CyberSecurity News/BodySnatcher – New Vulnerability Allows Attacker to Impersonate Any ServiceNow User
CyberSecurity News

BodySnatcher – New Vulnerability Allows Attacker to Impersonate Any ServiceNow User

A critical vulnerability in ServiceNow’s Virtual Agent API and the Now Assist AI Agents application enables unauthenticated attackers to impersonate any user and remotely execute privileged AI...

Jennifer sherman
Jennifer sherman
January 19, 2026 3 Min Read
49 0

A critical vulnerability in ServiceNow’s Virtual Agent API and the Now Assist AI Agents application enables unauthenticated attackers to impersonate any user and remotely execute privileged AI agents.

Security researcher Aaron Costello from AppOmni disclosed the flaw, tracked as CVE-2025-12420, which combines a hardcoded platform-wide secret with insecure account-linking logic to bypass multi-factor authentication, single sign-on, and other access controls.

The vulnerability affects organizations using ServiceNow’s AI-powered automation features, potentially exposing sensitive customer data, financial records, healthcare information, and intellectual property.

 The authentication token used by every ServiceNow instance’s AI Agent Provider
 The authentication token used by every ServiceNow instance’s AI Agent Provider

An attacker armed only with a target’s email address can impersonate administrators and weaponize AI agents to create backdoor accounts with full system privileges, granting nearly unlimited access to enterprise resources.

CVE ID Affected Application Affected Versions Fixed Versions CVSS Score
CVE-2025-12420 Now Assist AI Agents (sn_aia) 5.0.24 – 5.1.17, 5.2.0 – 5.2.18 5.1.18, 5.2.19 Critical
CVE-2025-12420 Virtual Agent API (sn_va_as_service) ≤ 3.15.1, 4.0.0 – 4.0.3 3.15.2, 4.0.4 Critical

Exploitation Mechanism

The vulnerability exploits two critical design flaws in ServiceNow’s AI agent infrastructure.

First, AI agent channel providers shipped with identical authentication tokens across all customer instances, creating a universal authentication bypass.

The attack starts a Now Assist AI session while impersonating an admin.
The attack starts a Now Assist AI session while impersonating an admin.

Second, the auto-linking mechanism trusted any requester supplying the shared token along with a valid email address, automatically associating external entities with ServiceNow accounts without requiring multi-factor authentication.

Attackers can chain these weaknesses through the Virtual Agent API to impersonate privileged users and execute the now-removed Record Management AI agent.

In proof-of-concept demonstrations, researchers successfully created administrative accounts, assigned elevated privileges, reset passwords, and achieved full platform access without ever authenticating.

The attack works remotely against any ServiceNow instance running vulnerable application versions, even when affected AI agents remain active. AppOmni reported the vulnerability to ServiceNow on October 23, 2025.

The auto-linking action code for the AI Agent Providers
The auto-linking action code for the AI Agent Providers

ServiceNow acknowledged the issue immediately and deployed patches by October 30, 2025, rotating provider credentials and removing the powerful Record Management AI agent from customer environments.

The company issued customer notifications and published a knowledge base article, KB2587317, crediting Costello and AppOmni with the discovery.

The Account linking type for the AI Agent provider did not enforce MFA
The Account linking type for the AI Agent provider did not enforce MFA

Security teams should immediately verify that affected applications have been updated to the fixed versions.

Organizations must implement multi-factor authentication for account-linking processes, establish automated review workflows for AI agent deployments, and regularly audit dormant AI agents for deactivation.

ServiceNow administrators can leverage the AI Control Tower application to identify unused agents and enforce approval processes before production deployment.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityVulnerability

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Microsoft January 2026 Security Update Causes Credential Prompt Failures in Remote Desktop Connections

Next Post

17 New Malicious Chrome GhostPoster Extensions with 840,000+ Installs Steals User Data

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
AI Poisoning Attack Abuses SEO and Hidden HTML to Trick AI Agents
July 3, 2026
Nebula AI Platform Automates Pen Testing to Find Vulnerabilities
July 3, 2026
PureLog Stealer Uses Blogspot and PowerShell to Deliver Malware
July 3, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us