Cyber Resilience

CVE-2025-12420

Critical

Published: 12 January 2026

Published
12 January 2026
Modified
27 January 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:H/U:Amber
EPSS Score 0.4549 98.6th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-12420 is a critical-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in Servicenow Now Assist Ai Agents. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 1.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2025-12420, published on 2026-01-12, is a critical vulnerability (CVSS 9.8; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) in the ServiceNow AI Platform, associated with CWE-250. The flaw enables an unauthenticated user to impersonate another user and perform any operations that the impersonated user is entitled to execute.

An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows the attacker to assume the identity and privileges of the target user, potentially compromising confidentiality, integrity, and availability through unauthorized actions within the platform.

ServiceNow addressed the vulnerability by deploying a security update to hosted instances in October 2025, with updates also provided to self-hosted customers, partners, and hosted customers with unique configurations. The issue is fixed in the listed Store App versions. Customers are advised to promptly apply the relevant security update or upgrade. Additional details are available in the advisory at https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2587329.

EU & UK References

Vulnerability details

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a…

more

relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so.

CWE(s)

AI Security AnalysisAI

AI Category
Enterprise AI Assistants
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1684.001 Impersonation Stealth
Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.
Why these techniques?

Direct unauthenticated user impersonation in a public-facing SaaS platform enables remote exploitation (T1190) and identity assumption (T1656).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27002Shared CWE-250
CVE-2026-29205Shared CWE-250
CVE-2024-7102Shared CWE-250
CVE-2026-42833Shared CWE-250
CVE-2025-34274Shared CWE-250
CVE-2026-4498Shared CWE-250
CVE-2025-13375Shared CWE-250
CVE-2025-34515Shared CWE-250
CVE-2025-33223Shared CWE-250
CVE-2026-25212Shared CWE-250

Affected Assets

servicenow
now assist ai agents
≤ 5.1.18 · 5.2.0 — 5.2.19
servicenow
virtual agent api
≤ 3.15.2 · 4.0.0 — 4.0.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates unique identification and authentication for organizational users, directly preventing unauthenticated impersonation in the ServiceNow AI Platform.

prevent

Enforces approved access authorizations for system resources, blocking impersonated users from performing unauthorized operations.

prevent

Requires timely remediation of flaws like CVE-2025-12420 through applying vendor security updates and patches.

References