ServiceNow Fixes Critical Impersonation Vulnerability in AI Platform


Key Takeaways

  • ServiceNow has disclosed a critical security flaw in its artificial intelligence (AI) Platform, tracked as CVE-2025-12420, which could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user.
  • The vulnerability, codenamed BodySnatcher by AppOmni, carries a CVSS score of 9.3 out of 10.0 and has been patched by ServiceNow.
  • The flaw was discovered and reported by Aaron Costello, chief of SaaS Security Research at AppOmni, in October 2025.
  • Users are advised to apply an appropriate security update as soon as possible to mitigate potential threats.

Introduction to the Vulnerability
The ServiceNow artificial intelligence (AI) Platform has been affected by a critical security flaw that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. According to ServiceNow, "This issue […] could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform." The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0, placing it in the critical severity range. The flaw was codenamed BodySnatcher by AppOmni, the company that discovered and reported the issue.

Details of the Vulnerability
ServiceNow addressed the shortcoming on October 30, 2025, by deploying a security update to the majority of hosted instances. The company also shared the patches with ServiceNow partners and self-hosted customers. The following versions include a fix for CVE-2025-12420:

  • Now Assist AI Agents (sn_aia): 5.1.18 or later and 5.2.19 or later
  • Virtual Agent API (sn_va_as_service): 3.15.2 or later and 4.0.4 or later

ServiceNow credited Aaron Costello, chief of SaaS Security Research at AppOmni, with discovering and reporting the flaw in October 2025. As Costello told The Hacker News, "BodySnatcher is the most severe AI-driven vulnerability uncovered to date: Attackers could have effectively ‘remote controlled’ an organization’s AI, weaponizing the very tools meant to simplify the enterprise."
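The fixed versions above are branch-specific, so a simple "is my version newer than X" check is not enough: 5.1.17 is vulnerable while 5.1.18 is fixed, and 5.2.18 is still vulnerable even though it is numerically above 5.1.18. The following is an added triage helper, not ServiceNow's or AppOmni's code, that compares an instance's plugin versions against the published fix list per release branch and flags any branch the advisory does not cover for manual review; the plugin ids and version strings come from the advisory, the inventory is a constructed sample.

```python
"""Triage installed plugin versions against the CVE-2025-12420 fix list."""
from typing import Optional

# First fixed version per release branch (major.minor), as published for
# CVE-2025-12420. Branches not listed here are not covered by the advisory.
FIXED_VERSIONS = {
    "sn_aia": {(5, 1): (5, 1, 18), (5, 2): (5, 2, 19)},
    "sn_va_as_service": {(3, 15): (3, 15, 2), (4, 0): (4, 0, 4)},
}


def parse_version(text: str) -> tuple:
    """Turn '5.1.18' into (5, 1, 18); rejects non-numeric components."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_fixed(plugin: str, version: str) -> Optional[bool]:
    """True if the version is at or above the fix for its own branch,
    False if it is on a listed branch but below the fix, and None if the
    branch is not in the published list (needs manual review)."""
    branches = FIXED_VERSIONS.get(plugin)
    if branches is None:
        return None
    v = parse_version(version)
    fixed = branches.get(v[:2])
    if fixed is None:
        return None
    return v >= fixed  # tuple comparison, so '5.1' (2 parts) sorts below 5.1.18


def triage(inventory: dict) -> dict:
    """Map each installed plugin to 'patched', 'vulnerable' or 'review'."""
    labels = {True: "patched", False: "vulnerable", None: "review"}
    return {p: labels[is_fixed(p, ver)] for p, ver in inventory.items()}


# Constructed sample inventory; not data from a real instance.
SAMPLE_INVENTORY = {"sn_aia": "5.1.17", "sn_va_as_service": "4.0.4"}

if __name__ == "__main__":
    for plugin, status in triage(SAMPLE_INVENTORY).items():
        print(f"{plugin}: {status}")
```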

Exploitation and Potential Threats
According to AppOmni, the Virtual Agent integration flaw allows unauthenticated attackers to impersonate any ServiceNow user using only an email address, bypassing multi-factor authentication (MFA) and single sign-on (SSO) protections. Successful exploitation could allow a threat actor to impersonate an administrator and execute an AI agent to subvert security controls and create backdoor accounts with elevated privileges. As Costello added, "By chaining a hardcoded, platform-wide secret with account-linking logic that trusts a simple email address, an attacker can bypass multi-factor authentication (MFA), single sign-on (SSO), and other access controls. And it’s the most severe AI-driven security vulnerability uncovered to date. With these weaknesses linked together, the attacker can remotely drive privileged agentic workflows as any user." While there is no evidence that the vulnerability has been exploited in the wild, users are advised to apply an appropriate security update as soon as possible to mitigate potential threats.

Comparison to Previous Vulnerabilities
The disclosure of the BodySnatcher vulnerability comes nearly two months after AppOmni revealed that malicious actors can exploit default configurations in ServiceNow’s Now Assist generative AI platform and leverage its agentic capabilities to conduct second-order prompt injection attacks. That issue could be weaponized to execute unauthorized actions, enabling attackers to copy and exfiltrate sensitive corporate data, modify records, and escalate privileges. BodySnatcher is considered more severe because it requires no authentication: an attacker can impersonate any ServiceNow user and perform arbitrary actions as that user, which is why Costello describes it as the most severe AI-driven security vulnerability uncovered to date.

Conclusion and Recommendations
BodySnatcher is a critical flaw that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. ServiceNow has patched it, and users should confirm that their instances are running the fixed plugin versions listed above and apply the security update as soon as possible if they are not.

https://thehackernews.com/2026/01/servicenow-patches-critical-ai-platform.html
