ServiceNow has addressed a critical security vulnerability, known as BodySnatcher, which allowed unauthenticated attackers to impersonate any user on its AI platform. By exploiting a flaw in account-linking logic, hackers could bypass security protocols like multi-factor authentication to execute unauthorized actions with administrative privileges.
ServiceNow recently fixed a major security flaw in its AI Platform that could have allowed unauthorized individuals to take over user accounts. This vulnerability, identified as CVE-2025-12420, was assigned a near-maximum severity score of 9.3 due to its potential for total system compromise. Security researchers discovered that the issue resided within the platform’s Virtual Agent integration, which incorrectly trusted simple email addresses for identity verification.
The flaw enabled attackers to bypass standard security measures, including single sign-on and multi-factor authentication, by using a hardcoded platform secret. Once an attacker gained access, they could effectively control an organization’s AI tools remotely and perform any action the impersonated user was permitted to do. This level of access meant that a malicious actor could impersonate a high-level administrator and gain full control over corporate workflows.
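The account-linking weakness described above, as an added illustration that is not ServiceNow's code: a resolver that trusts a caller-supplied email beside one that only accepts an identity-provider assertion signed with a per-tenant key (the token format, user directory and key names are constructed for the example).

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed sample user directory (not ServiceNow data).
USERS = {
    "admin@example.test": {"sys_id": "u1", "roles": ["admin"]},
    "alice@example.test": {"sys_id": "u2", "roles": ["itil"]},
}

def link_by_email_insecure(request: dict) -> Optional[dict]:
    """Vulnerable pattern: the integration trusts whatever email the caller
    supplies, so anyone who knows an admin's address becomes that admin."""
    return USERS.get(request.get("email"))

def sign_assertion(claims: dict, key: bytes) -> str:
    """Model identity provider: emit a compact HMAC-signed assertion
    (constructed format: base64url(JSON) '.' hex HMAC-SHA256)."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"

def link_by_verified_assertion(request: dict, key: bytes, audience: str,
                               now: Optional[float] = None) -> Optional[dict]:
    """Hardened pattern: identity comes only from an assertion signed with this
    tenant's key; signature, audience and expiry are checked before lookup.
    A key shared across tenants would let one leaked secret forge for all."""
    token = request.get("assertion", "")
    if "." not in token:
        return None
    body, mac = token.rsplit(".", 1)
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(body.encode()))
    except (ValueError, UnicodeDecodeError):
        return None
    now = time.time() if now is None else now
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None
    # Any email in the request body is ignored; only the verified subject counts.
    return USERS.get(claims.get("sub"))
```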
The vulnerability was discovered and reported by Aaron Costello of AppOmni, who described it as one of the most significant AI-driven security risks found to date. According to the research, the flaw allowed attackers to drive privileged agentic workflows, essentially weaponizing the AI to subvert security controls. This could lead to the creation of backdoor accounts or the modification of sensitive records without the organization's knowledge.
ServiceNow took action on October 30, 2025, by rolling out patches to the majority of its hosted instances and providing updates for partners and self-hosted customers. The company confirmed that the fix is included in specific versions of the Now Assist AI Agents and the Virtual Agent API. While there have been no confirmed reports of the flaw being exploited by hackers in the wild, the company urged all users to update their systems immediately to prevent future attacks.
This discovery follows earlier concerns regarding the security of generative AI platforms and their susceptibility to prompt injection and data exfiltration. Experts warn that as enterprises increasingly rely on automated AI agents, the risk of attackers hijacking these tools to steal sensitive data or escalate privileges grows. The mitigation of BodySnatcher represents a critical step in securing the infrastructure that powers modern enterprise artificial intelligence.
Source: ServiceNow Fixes Critical AI Flaw Allowing Unauthenticated Impersonation