Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

The Hacker News by The Hacker News
January 13, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Jan 13, 2026Ravie LakshmananVulnerability / SaaS Security

ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user.

The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0

“This issue […] could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform,” the company said in an advisory released Monday.

The shortcoming was addressed by ServiceNow on October 30, 2025, by deploying a security update to the majority of hosted instances, with the company also sharing the patches with ServiceNow partners and self-hosted customers.

Cybersecurity

The following versions include a fix for CVE-2025-12420 –

  • Now Assist AI Agents (sn_aia) – 5.1.18 or later and 5.2.19 or later
  • Virtual Agent API (sn_va_as_service) – 3.15.2 or later and 4.0.4 or later

ServiceNow credited Aaron Costello, chief of SaaS Security Research at AppOmni, with discovering and reporting the flaw in October 2025. While there is no evidence that the vulnerability has been exploited in the wild, users are advised to apply an appropriate security update as soon as possible to mitigate potential threats.

The disclosure comes nearly two months after AppOmni revealed that malicious actors can exploit default configurations in ServiceNow’s Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct second-order prompt injection attacks.

The issue could then be weaponized to execute unauthorized actions, enabling attackers to copy and exfiltrate sensitive corporate data, modify records, and escalate privileges.



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
What Should We Learn From How Attackers Leveraged AI in 2025?

What Should We Learn From How Attackers Leveraged AI in 2025?

Recommended.

Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs

Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs

September 15, 2025
UPDATED MSG NETWORKS STATEMENT ON ALTICE DISPUTE

UPDATED MSG NETWORKS STATEMENT ON ALTICE DISPUTE

February 10, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio