Find notable cyber news and cases, enriched with sources, timelines, and signals.

ServiceNow AI Platform unauthenticated impersonation flaw (CVE-2025-12420)

Vulnerability
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

CVE-2025-12420 exposes ServiceNow AI Platform deployments to unauthenticated impersonation and arbitrary actions, creating a high-severity account-takeover risk. The flaw carries a CVSS 9.3 score and affects Now Assist AI Agents and Virtual Agent API components. ServiceNow says the issue was patched on October 30, 2025 and that there is no evidence of exploitation in the wild.

Related Happenings

ServiceNow hosted customer instances unauthenticated access security flaw

Vulnerability
H score6 First: 10.06.2026 10:02 Last: 10.06.2026 10:02 Sources 1

About this happening: **ServiceNow hosted customer instances** were exposed to an **unauthenticated access flaw** that let a user gain greater access than intended, and ServiceNow pushed a **June 5, 20...

Ghost CMS CVE-2026-26980 ClickFix campaign

Campaign
H score42 First: 24.05.2026 17:12 Last: 24.05.2026 17:12 Sources 1

About this happening: A **large-scale campaign** is exploiting **CVE-2026-26980** in **Ghost CMS** to plant malicious JavaScript and drive **ClickFix** lure pages, putting exposed sites and their visit...

React2Shell (CVE-2025-55182) mass scanning and exploitation wave

Exploitation Wave
H score89 First: 20.02.2026 23:07 Last: 20.02.2026 23:07 Sources 1

About this happening: **CVE-2025-55182 (React2Shell)** is being **actively exploited** across **React Server Components (RSC)** and **Next.js** environments, with reports now adding a **ransomware gang...

CISA KEV mitigation for BeyondTrust CVE-2026-1731

Advisory/Mitigation
H score46 First: 20.02.2026 19:02 Last: 20.02.2026 19:02 Sources 1

About this happening: CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...

BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave

Exploitation Wave
H score76 First: 12.02.2026 23:34 Last: 12.02.2026 23:34 Sources 1

About this happening: **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...

Timeline

  1. 13.01.2026 13:47 2 articles · 5mo ago

    ServiceNow patches CVE-2025-12420

    Mitigation Patch Update

    ServiceNow deployed a security update on October 30, 2025 to address CVE-2025-12420 in the ServiceNow AI Platform, pushing fixes to the majority of hosted instances and sharing patches with ServiceNow partners and self-hosted customers; fixed versions were listed for Now Assist AI Agents (sn_aia) 5.1.18 or later and 5.2.19 or later, and Virtual Agent API (sn_va_as_service) 3.15.2 or later and 4.0.4 or later.

    Show sources
  2. 13.01.2026 13:47 1 articles · 5mo ago

    ServiceNow discloses critical AI Platform flaw

    Initial Disclosure

    ServiceNow disclosed a now-patched critical flaw in the ServiceNow AI Platform, CVE-2025-12420, stating that an unauthenticated user could impersonate another user and perform the operations that user was entitled to perform; the issue carried a CVSS score of 9.3 out of 10.0.

    Show sources