ServiceNow AI Platform unauthenticated impersonation flaw (CVE-2025-12420)

Vulnerability
1 unique source, 1 article

Summary

CVE-2025-12420 exposes ServiceNow AI Platform deployments to unauthenticated impersonation and arbitrary actions, creating a high-severity account-takeover risk. The flaw carries a CVSS score of 9.3 and affects the Now Assist AI Agents and Virtual Agent API components. ServiceNow says the issue was patched on October 30, 2025, and that there is no evidence of exploitation in the wild.

Timeline

  1. 13.01.2026 13:47 · 2 articles

    ServiceNow patches CVE-2025-12420

    Mitigation Patch Update

    ServiceNow deployed a security update on October 30, 2025, to address CVE-2025-12420 in the ServiceNow AI Platform, pushing fixes to the majority of hosted instances and sharing patches with ServiceNow partners and self-hosted customers. Fixed versions were listed as Now Assist AI Agents (sn_aia) 5.1.18 or later and 5.2.19 or later, and Virtual Agent API (sn_va_as_service) 3.15.2 or later and 4.0.4 or later.

  2. 13.01.2026 13:47 · 1 article

    ServiceNow discloses critical AI Platform flaw

    Initial Disclosure

    ServiceNow disclosed a now-patched critical flaw in the ServiceNow AI Platform, CVE-2025-12420, stating that an unauthenticated user could impersonate another user and perform the operations that user was entitled to perform; the issue carried a CVSS score of 9.3 out of 10.0.
