ServiceNow AI Platform patch release for CVE-2025-12420
Security Patch Release
Summary
Hide ▲
Show ▼
ServiceNow released a security update for CVE-2025-12420, a critical flaw in its ServiceNow AI Platform that could let an unauthenticated user impersonate another user and perform arbitrary actions. The fix covered the majority of hosted instances and was also shared with ServiceNow partners and self-hosted customers. ServiceNow said there is no evidence of in-the-wild exploitation, but it urged users to apply the update as soon as possible.
Related Happenings
ServiceNow hosted customer instances API endpoint access-control security update
Security Patch Release
First: 10.06.2026 00:34
Last: 10.06.2026 00:34
Sources 1
About this happening:
**ServiceNow** applied a **security update** to **hosted customer instances** on **June 5, 2026** to fix an **API endpoint access-control issue**. The update changed the endpoint...
ServiceNow hosted customer instances API endpoint access-control security update
Security Patch ReleaseAbout this happening: **ServiceNow** applied a **security update** to **hosted customer instances** on **June 5, 2026** to fix an **API endpoint access-control issue**. The update changed the endpoint...
Oracle security patch release for CVE-2026-21992
Security Patch Release
H score44
First: 21.03.2026 12:24
Last: 21.03.2026 12:24
Sources 1
About this happening:
**Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...
Oracle security patch release for CVE-2026-21992
Security Patch ReleaseAbout this happening: **Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...
LangSmith version 0.12.71 security update (CVE-2026-25750)
Security Patch Release
H score42
First: 17.03.2026 18:39
Last: 17.03.2026 18:39
Sources 1
About this happening:
**LangSmith** released **version 0.12.71** to fix **CVE-2026-25750**, a high-severity flaw that could enable **token theft** and **account takeover**. The update applies to both *...
LangSmith version 0.12.71 security update (CVE-2026-25750)
Security Patch ReleaseAbout this happening: **LangSmith** released **version 0.12.71** to fix **CVE-2026-25750**, a high-severity flaw that could enable **token theft** and **account takeover**. The update applies to both *...
N8n 2.4.0 security update for sandbox-escape flaw (CVE-2026-25049)
Security Patch Release
H score39
First: 04.02.2026 23:14
Last: 04.02.2026 23:14
Sources 1
About this happening:
**n8n** released **version 2.4.0** on **January 12, 2026**, fixing a **sandbox-escape bypass** that could let authenticated workflow editors achieve **remote code execution** on a...
N8n 2.4.0 security update for sandbox-escape flaw (CVE-2026-25049)
Security Patch ReleaseAbout this happening: **n8n** released **version 2.4.0** on **January 12, 2026**, fixing a **sandbox-escape bypass** that could let authenticated workflow editors achieve **remote code execution** on a...
Quiz and Survey Master SQL injection mitigation (CVE-2025-67987)
Advisory/Mitigation
H score61
First: 03.02.2026 18:15
Last: 03.02.2026 18:15
Sources 1
About this happening:
**Patchstack** published mitigation guidance for **CVE-2025-67987**, directing administrators to update **Quiz and Survey Master** to **version 10.3.2** to close a **SQL injection...
Quiz and Survey Master SQL injection mitigation (CVE-2025-67987)
Advisory/MitigationAbout this happening: **Patchstack** published mitigation guidance for **CVE-2025-67987**, directing administrators to update **Quiz and Survey Master** to **version 10.3.2** to close a **SQL injection...
Timeline
-
13.01.2026 13:47 1 articles · 5mo ago
ServiceNow deploys security update for CVE-2025-12420
Mitigation Patch UpdateServiceNow deployed a security update on October 30, 2025 to the majority of hosted instances and shared patches with ServiceNow partners and self-hosted customers to fix CVE-2025-12420 in ServiceNow AI Platform. Fixed builds were also provided for Now Assist AI Agents (sn_aia) and Virtual Agent API (sn_va_as_service), and users were urged to apply the update as soon as possible.
Show sources
- ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation — thehackernews.com — 13.01.2026 13:47
-
13.01.2026 13:47 1 articles · 5mo ago
ServiceNow discloses critical AI Platform flaw
Initial DisclosureServiceNow disclosed a now-patched critical flaw in ServiceNow AI Platform, tracked as CVE-2025-12420 with a CVSS score of 9.3, that could let an unauthenticated user impersonate another user and perform arbitrary actions. ServiceNow said there is no evidence of exploitation in the wild, credited Aaron Costello of AppOmni with discovering and reporting the flaw in October 2025, and identified fixed versions for Now Assist AI Agents (sn_aia) and Virtual Agent API (sn_va_as_service).
Show sources
- ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation — thehackernews.com — 13.01.2026 13:47