January 13, 2026 // Vulnerability | #CVE-2025-12420 #Prompt Injection #ServiceNow AI Platform

ServiceNow patches critical AI platform flaw that could allow user impersonation - CyberScoop

ServiceNow patched a critical vulnerability in its AI platform, CVE-2025-12420 (CVSS 9.3), that could allow unauthenticated user impersonation and unauthorized actions. Furthermore, researchers identified that default configurations in Now Assist AI Agents could facilitate "second-order prompt injection" attacks, enabling low-privileged users to exploit inter-agent communication for data access and privilege escalation.

