ServiceNow AI Platform patch release for CVE-2025-12420
Security Patch Release
Summary
ServiceNow released a security update for CVE-2025-12420, a critical flaw in its ServiceNow AI Platform that could let an unauthenticated user impersonate another user and perform arbitrary actions. The fix covered the majority of hosted instances and was also shared with ServiceNow partners and self-hosted customers. ServiceNow said there is no evidence of in-the-wild exploitation, but it urged users to apply the update as soon as possible.
Related Happenings
Oracle security patch release for CVE-2026-21992
Security Patch Release
First: 21.03.2026 12:24
Last: 21.03.2026 12:24
Sources 1
About this happening:
**Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...
LangSmith version 0.12.71 security update (CVE-2026-25750)
Security Patch Release
First: 17.03.2026 18:39
Last: 17.03.2026 18:39
Sources 1
About this happening:
**LangSmith** released **version 0.12.71** to fix **CVE-2026-25750**, a high-severity flaw that could enable **token theft** and **account takeover**. The update applies to both *...
n8n 2.4.0 security update for sandbox-escape flaw (CVE-2026-25049)
Security Patch Release
First: 04.02.2026 23:14
Last: 04.02.2026 23:14
Sources 1
About this happening:
**n8n** released **version 2.4.0** on **January 12, 2026**, fixing a **sandbox-escape bypass** that could let authenticated workflow editors achieve **remote code execution** on a...
Quiz and Survey Master SQL injection mitigation (CVE-2025-67987)
Advisory/Mitigation
First: 03.02.2026 18:15
Last: 03.02.2026 18:15
Sources 1
About this happening:
**Patchstack** published mitigation guidance for **CVE-2025-67987**, directing administrators to update **Quiz and Survey Master** to **version 10.3.2** to close a **SQL injection...
Fortinet security patch release for CVE-2026-24858
Security Patch Release
First: 28.01.2026 06:49
Last: 28.01.2026 06:49
Sources 1
About this happening:
**Fortinet** began releasing **security updates** for **CVE-2026-24858**, a critical **FortiOS** authentication-bypass flaw that also affects **FortiManager** and **FortiAnalyzer*...
Timeline
13.01.2026 13:47 · 1 article
ServiceNow deploys security update for CVE-2025-12420
Mitigation Patch Update
ServiceNow deployed a security update on October 30, 2025 to the majority of hosted instances and shared patches with ServiceNow partners and self-hosted customers to fix CVE-2025-12420 in ServiceNow AI Platform. Fixed builds were also provided for Now Assist AI Agents (sn_aia) and Virtual Agent API (sn_va_as_service), and users were urged to apply the update as soon as possible.
Sources:
- ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation — thehackernews.com — 13.01.2026 13:47
13.01.2026 13:47 · 1 article
ServiceNow discloses critical AI Platform flaw
Initial Disclosure
ServiceNow disclosed a now-patched critical flaw in ServiceNow AI Platform, tracked as CVE-2025-12420 with a CVSS score of 9.3, that could let an unauthenticated user impersonate another user and perform arbitrary actions. ServiceNow said there is no evidence of exploitation in the wild, credited Aaron Costello of AppOmni with discovering and reporting the flaw in October 2025, and identified fixed versions for Now Assist AI Agents (sn_aia) and Virtual Agent API (sn_va_as_service).
Sources:
- ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation — thehackernews.com — 13.01.2026 13:47