CVE-2025-12420: CWE-250: Execution with Unnecessary Privileges in ServiceNow Now Assist AI Agents
A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so.
AI Analysis
Technical Summary
CVE-2025-12420 is a vulnerability identified in the ServiceNow Now Assist AI Agents platform, specifically version 5.0.26. The root cause is execution with unnecessary privileges (CWE-250), which allows an unauthenticated attacker to impersonate any user within the system. This impersonation enables the attacker to perform any operation the impersonated user is entitled to perform, effectively bypassing authentication and authorization controls. The vulnerability is remotely exploitable without prior authentication or user interaction, which makes it highly dangerous. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) records a network attack vector, low attack complexity, no attack requirements, no privileges required, and no user interaction. The impact metrics (VC:H/VI:H/VA:H) indicate high confidentiality, integrity, and availability impact on the vulnerable system: an attacker can read sensitive data, modify or delete records, and disrupt services. ServiceNow addressed the vulnerability by deploying security updates to hosted instances in October 2025 and providing patches to self-hosted customers and partners. Certain Store App versions are also affected and have been updated accordingly. Although no active exploitation has been reported, the critical nature of the flaw demands immediate remediation.
Potential Impact
The vulnerability poses a severe risk to organizations using ServiceNow Now Assist AI Agents, as it allows attackers to impersonate legitimate users without authentication. This can lead to unauthorized access to sensitive corporate data, manipulation or deletion of records, disruption of IT service management workflows, and potential lateral movement within the network. The compromise of privileged accounts could facilitate further attacks, including data exfiltration, ransomware deployment, or sabotage of critical business processes. Given the widespread adoption of ServiceNow in enterprises globally for IT operations, HR, customer service, and security automation, the impact can be extensive, affecting confidentiality, integrity, and availability of critical business functions. The ease of exploitation and lack of required user interaction increase the likelihood of rapid exploitation if unpatched. Additionally, organizations with self-hosted or uniquely configured instances may face delays in patch deployment, increasing exposure time.
Mitigation Recommendations
Organizations should immediately verify their ServiceNow Now Assist AI Agents version and apply the security updates released in October 2025 or later.
- Hosted ServiceNow customers: confirm that the vendor has applied the patch to the instance.
- Self-hosted customers and partners: obtain and deploy the provided security updates without delay.
- Review and restrict permissions and roles within ServiceNow to minimize privilege exposure.
- Implement network segmentation and monitoring around ServiceNow instances to detect anomalous activity indicative of impersonation attempts.
- Enable logging and audit trails for user impersonation and administrative actions to facilitate incident detection and response.
- Consider deploying a Web Application Firewall (WAF) with rules tuned to detect exploitation attempts targeting ServiceNow APIs.
- Conduct thorough post-patch testing to ensure no regression or configuration issues.
- Educate security teams about this vulnerability to maintain heightened vigilance until all systems are confirmed patched.
Affected Countries
United States, Canada, United Kingdom, Germany, Australia, France, Netherlands, Japan, India, Singapore, Brazil, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: SN
- Date Reserved: 2025-10-28T16:31:46.125Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 696569e5da2266e8382bb6d7
Added to database: 1/12/2026, 9:38:45 PM
Last enriched: 2/27/2026, 7:05:45 AM
Last updated: 4/12/2026, 10:26:41 AM