Byte Open Security

(ByteOS Network)
NVD Vulnerability Details: CVE-2025-12420
Analyzed
Source: psirt@servicenow.com
Published At: 12 Jan, 2026 | 22:16
Updated At: 27 Jan, 2026 | 20:25

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:H/U:Amber
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Vendor: ServiceNow, Inc. (servicenow)
Product: now_assist_ai_agents
Versions: before 5.1.18 (exclusive)
cpe:2.3:a:servicenow:now_assist_ai_agents:*:*:*:*:*:*:*:*

Vendor: ServiceNow, Inc. (servicenow)
Product: now_assist_ai_agents
Versions: from 5.2.0 (inclusive) to 5.2.19 (exclusive)
cpe:2.3:a:servicenow:now_assist_ai_agents:*:*:*:*:*:*:*:*

Vendor: ServiceNow, Inc. (servicenow)
Product: virtual_agent_api
Versions: before 3.15.2 (exclusive)
cpe:2.3:a:servicenow:virtual_agent_api:*:*:*:*:*:*:*:*

Vendor: ServiceNow, Inc. (servicenow)
Product: virtual_agent_api
Versions: from 4.0.0 (inclusive) to 4.0.4 (exclusive)
cpe:2.3:a:servicenow:virtual_agent_api:*:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-250
Type: Secondary
Source: psirt@servicenow.com
References
Hyperlink: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2587329
Source: psirt@servicenow.com
Resource: Vendor Advisory
Change History
0 changes found