ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
14.01.2026

ServiceNow fixed CVE-2025-12420, a critical flaw that let unauthenticated attackers impersonate users on its AI Platform.
ServiceNow just dropped a critical patch for its AI Platform — and this one's spicy. CVE-2025-12420 lets unauthenticated attackers straight-up impersonate users. No login, no credentials, just full-on identity theft in the cloud.

The vulnerability was discovered by security researchers who found that the platform's access control mechanisms had a gaping hole. Attackers could bypass authentication entirely and assume the identity of any user on the system.
ServiceNow has now released patches across all affected versions. If you're running their AI Platform, update immediately — this isn't something you want to leave hanging.
- CVE-2025-12420: Critical severity
- Unauthenticated attackers can impersonate users
- Affects ServiceNow AI Platform
- Patches available for all versions
- Update required immediately
This is exactly the kind of vulnerability that keeps CISOs up at night. AI platforms handling sensitive data with broken access controls? That's a recipe for disaster. ServiceNow caught it in time, but this serves as a reminder: even the biggest players can have critical security gaps.

