CyberSecurity News

Critical ServiceNow Flaw: Unauthenticated Privilege Escalation

A critical security flaw has been identified in ServiceNow AI Platform deployments. This vulnerability allows unauthenticated attackers to impersonate legitimate users and execute unauthorized...

Marcus Rodriguez
Marcus Rodriguez
January 13, 2026 2 Min Read
3 0

A critical security flaw has been identified in ServiceNow AI Platform deployments. This vulnerability allows unauthenticated attackers to impersonate legitimate users and execute unauthorized operations.

The vulnerability, CVE-2025-12420, was discovered by AppOmni, a SaaS security firm, and disclosed to ServiceNow in October 2025, prompting immediate remediation efforts.

The privilege escalation flaw within ServiceNow’s AI Platform infrastructure enables attackers without authentication credentials to assume the identity of authorized users.

Upon successful impersonation, threat actors gain access to all operations and permissions associated with the compromised user account.

CVE ID Vulnerability Type CVSS Score (v4.0) Affected Component
CVE-2025-12420 Privilege Escalation 9.3 ServiceNow AI Platform

Potentially leading to unauthorized data access, configuration changes, and lateral movement within enterprise environments.

ServiceNow addressed the vulnerability on October 30, 2025, deploying security patches to the majority of hosted instances.

The company simultaneously provided updates to partners and self-hosted customer deployments.

The vulnerability is also resolved in specific Store App versions released as part of the October 2025 security maintenance cycle.

Affected Applications and Patched Versions

The vulnerability impacts two critical ServiceNow applications:

Component Required Version (Minimum)
Assist AI Agents (sn_aia) 5.1.18 or later, OR 5.2.19 or later
Virtual Agent API (sn_va_as_service) 3.15.2 or later, OR 4.0.4 or later

ServiceNow strongly recommends that customers immediately apply the appropriate security updates or upgrade to patched versions if deployment has not already occurred.

Organizations operating both hosted and self-hosted ServiceNow environments should prioritize remediation of this vulnerability due to its critical nature and the potential for increased exploitation following public disclosure.

Currently, ServiceNow reports no evidence of active exploitation in the wild. However, the window between public disclosure and widespread attack implementation is typically narrow, necessitating urgent action from security teams.

This collaborative approach enabled vendors to develop and deploy fixes before public announcement, reducing the exposure window for customer environments.

Organizations relying on ServiceNow AI Platform components should review the complete security advisory.

Implementation guidelines are available through the official support documentation to ensure comprehensive vulnerability remediation across their infrastructure.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityThreatVulnerability

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

No Comment! Be the first one.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts