CVE-2025-12420: CWE-250: Execution with Unnecessary Privileges in ServiceNow Now Assist AI Agents
A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so.
AI Analysis
Technical Summary
CVE-2025-12420 is a vulnerability classified under CWE-250 (Execution with Unnecessary Privileges) affecting the Now Assist AI Agents component of the ServiceNow AI Platform. This flaw allows an unauthenticated attacker to impersonate any user within the system, thereby gaining the ability to perform all operations that the impersonated user is entitled to execute. The vulnerability stems from improper privilege management within the AI agent's execution context, enabling privilege escalation without authentication or user interaction. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no authentication required (AT:N), and no user interaction (UI:N), with high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H). The scope is unchanged (S:N), but the vulnerability affects multiple security properties and requires urgent remediation. ServiceNow deployed security updates in October 2025 to hosted instances and provided patches for self-hosted and uniquely configured environments, including updates to Store App versions. Although no exploits have been observed in the wild, the critical nature of this vulnerability and the ease of exploitation make it a significant threat. The vulnerability could lead to unauthorized data access, manipulation, and disruption of IT service management processes, potentially impacting business continuity and sensitive information security.
Potential Impact
For European organizations, this vulnerability poses a severe risk due to the widespread use of ServiceNow for IT service management, workflow automation, and AI-driven assistance. Successful exploitation could lead to unauthorized access to sensitive corporate data, disruption of critical IT operations, and potential compliance violations under GDPR due to unauthorized data exposure. The ability to impersonate any user without authentication means attackers could escalate privileges, access confidential information, alter configurations, or disrupt services. This could impact sectors such as finance, healthcare, government, and critical infrastructure where ServiceNow is commonly deployed. The operational disruption and data breaches could result in financial losses, reputational damage, and regulatory penalties. Given the AI agent’s role in automating tasks, exploitation could also lead to automated propagation of malicious actions within the environment, amplifying the impact.
Mitigation Recommendations
European organizations should immediately verify their ServiceNow Now Assist AI Agents version and apply the October 2025 security updates or later patches provided by ServiceNow. For self-hosted and uniquely configured instances, coordinate with ServiceNow support to ensure all relevant patches are applied. Conduct thorough audits of user impersonation logs and AI agent activity to detect any anomalous behavior indicative of exploitation attempts. Restrict AI agent privileges to the minimum necessary, avoiding execution with elevated or unnecessary privileges. Implement network segmentation and access controls to limit exposure of ServiceNow instances to untrusted networks. Employ multi-factor authentication and monitor for unusual authentication or access patterns, even though this vulnerability does not require authentication. Regularly review and update incident response plans to include scenarios involving AI agent compromise. Engage with ServiceNow’s security advisories and maintain up-to-date threat intelligence to respond promptly to any emerging exploit activity.
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Switzerland, Belgium, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: SN
- Date Reserved: 2025-10-28T16:31:46.125Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 696569e5da2266e8382bb6d7
Added to database: 1/12/2026, 9:38:45 PM
Last enriched: 1/21/2026, 2:42:38 AM
Last updated: 2/27/2026, 3:58:06 AM