CVE-2025-12420 Unauthenticated Privilege Escalation in ServiceNow AI Platform

🗓️ 12 Jan 2026 21:29:37Reported by SNType

An unauthenticated privilege escalation in the ServiceNow AI Platform enables impersonation; updates were applied in October 2025.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-12420	12 Jan 202621:59	–	circl
CNNVD	ServiceNow AI Platform 安全漏洞	12 Jan 202600:00	–	cnnvd
CVE	CVE-2025-12420	12 Jan 202621:29	–	cve
EUVD	EUVD-2025-206275	13 Jan 202600:30	–	euvd
NVD	CVE-2025-12420	12 Jan 202622:16	–	nvd
OSV	CVE-2025-12420	12 Jan 202622:16	–	osv
Positive Technologies	PT-2026-2305	12 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-12420	13 Jan 202622:52	–	redhatcve
The Hacker News	⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More	19 Jan 202613:17	–	thn
The Hacker News	ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation	13 Jan 202611:47	–	thn

[
  {
    "defaultStatus": "unaffected",
    "product": "Now Assist AI Agents",
    "vendor": "ServiceNow",
    "versions": [
      {
        "lessThanOrEqual": "5.1.17",
        "status": "affected",
        "version": "5.0.26",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "5.2.18",
        "status": "affected",
        "version": "5.0.26",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Virtual Agent API",
    "vendor": "ServiceNow",
    "versions": [
      {
        "lessThan": "3.15.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "4.0.4",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
support	www.support.servicenow.com/kb

13 Jan 2026 16:36Current

CVSS 410

EPSS0.1737

CWE-250