ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence (AI) Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0. It has been codenamed BodySnatcher by AppOmni. "This issue [.
For Government & Public Sector organizations, a breach of this nature could have far-reaching consequences: compromising sensitive citizen data, disrupting essential services, and eroding public trust in government IT systems. Legal & Professional Services firms using ServiceNow's AI Platform would be exposed to potential compliance violations (e.g., GDPR), reputational damage, and financial penalties.
Businesses using ServiceNow's AI Platform must immediately prioritize patching CVE-2025-12420 to prevent unauthorized access and data breaches. The incident also calls for a review of existing security protocols for AI-driven workflows and closer attention to potential vulnerabilities in integrated systems, to avoid cascading failures.