ServiceNow AI Platform unauthenticated impersonation flaw (CVE-2025-12420)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2025-12420 exposes ServiceNow AI Platform deployments to unauthenticated impersonation and arbitrary actions, creating a high-severity account-takeover risk. The flaw carries a CVSS 9.3 score and affects Now Assist AI Agents and Virtual Agent API components. ServiceNow says the issue was patched on October 30, 2025 and that there is no evidence of exploitation in the wild.
Related Happenings
ServiceNow hosted customer instances unauthenticated access security flaw
Vulnerability
H score6
First: 10.06.2026 10:02
Last: 10.06.2026 10:02
Sources 1
About this happening:
**ServiceNow hosted customer instances** were exposed to an **unauthenticated access flaw** that let a user gain greater access than intended, and ServiceNow pushed a **June 5, 20...
ServiceNow hosted customer instances unauthenticated access security flaw
VulnerabilityAbout this happening: **ServiceNow hosted customer instances** were exposed to an **unauthenticated access flaw** that let a user gain greater access than intended, and ServiceNow pushed a **June 5, 20...
Ghost CMS CVE-2026-26980 ClickFix campaign
Campaign
H score42
First: 24.05.2026 17:12
Last: 24.05.2026 17:12
Sources 1
About this happening:
A **large-scale campaign** is exploiting **CVE-2026-26980** in **Ghost CMS** to plant malicious JavaScript and drive **ClickFix** lure pages, putting exposed sites and their visit...
Ghost CMS CVE-2026-26980 ClickFix campaign
CampaignAbout this happening: A **large-scale campaign** is exploiting **CVE-2026-26980** in **Ghost CMS** to plant malicious JavaScript and drive **ClickFix** lure pages, putting exposed sites and their visit...
React2Shell (CVE-2025-55182) mass scanning and exploitation wave
Exploitation Wave
H score89
First: 20.02.2026 23:07
Last: 20.02.2026 23:07
Sources 1
About this happening:
**CVE-2025-55182 (React2Shell)** is being **actively exploited** across **React Server Components (RSC)** and **Next.js** environments, with reports now adding a **ransomware gang...
React2Shell (CVE-2025-55182) mass scanning and exploitation wave
Exploitation WaveAbout this happening: **CVE-2025-55182 (React2Shell)** is being **actively exploited** across **React Server Components (RSC)** and **Next.js** environments, with reports now adding a **ransomware gang...
CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/Mitigation
H score46
First: 20.02.2026 19:02
Last: 20.02.2026 19:02
Sources 1
About this happening:
CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...
CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/MitigationAbout this happening: CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...
BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave
Exploitation Wave
H score76
First: 12.02.2026 23:34
Last: 12.02.2026 23:34
Sources 1
About this happening:
**CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...
BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...
Timeline
-
13.01.2026 13:47 2 articles · 5mo ago
ServiceNow patches CVE-2025-12420
Mitigation Patch UpdateServiceNow deployed a security update on October 30, 2025 to address CVE-2025-12420 in the ServiceNow AI Platform, pushing fixes to the majority of hosted instances and sharing patches with ServiceNow partners and self-hosted customers; fixed versions were listed for Now Assist AI Agents (sn_aia) 5.1.18 or later and 5.2.19 or later, and Virtual Agent API (sn_va_as_service) 3.15.2 or later and 4.0.4 or later.
Show sources
- ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation — thehackernews.com — 13.01.2026 13:47
- ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation — thehackernews.com — 13.01.2026 13:47
-
13.01.2026 13:47 1 articles · 5mo ago
ServiceNow discloses critical AI Platform flaw
Initial DisclosureServiceNow disclosed a now-patched critical flaw in the ServiceNow AI Platform, CVE-2025-12420, stating that an unauthenticated user could impersonate another user and perform the operations that user was entitled to perform; the issue carried a CVSS score of 9.3 out of 10.0.
Show sources
- ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation — thehackernews.com — 13.01.2026 13:47