A critical flaw has been identified in ServiceNow’s artificial intelligence platform, with a severity score of 9.3 out of 10. This vulnerability, classified as CVE-2025-12420, could allow attackers to impersonate legitimate users without authenticating.
ServiceNow has already implemented rapid remediation measures for most hosted instances, but the issue remains a significant risk of privilege escalation. Imagine an outsider impersonating a privileged employee without ever logging in: this is the scenario CVE-2025-12420 threatened to bring to fruition.
ServiceNow moved quickly to contain the threat. On October 30, 2025, the company released security updates that addressed the vulnerability for most of its hosted environment.
The vulnerability was brought to light in October 2025 by SaaS security firm AppOmni; researcher Aaron Costello is also credited for his assistance in the disclosure process.
According to ServiceNow, "At this time, ServiceNow is not aware of any instances of this issue being exploited against customer instances." However, the company cautions that "due to the potential increased risk when vulnerabilities are publicly disclosed, we recommend hosted and self-hosted customers read this advisory carefully."
While hosted instances have been largely patched, customers and partners running self-hosted instances should take immediate action to ensure the security of their networks. The vulnerability affects specific Store applications, and updates have been released for: