ServiceNow patches critical security flaw which could allow user impersonation (www.techradar.com)

🤖 AI Summary
ServiceNow has patched a critical security vulnerability, CVE-2025-12420, with a severity score of 9.3 out of 10. The flaw allowed unauthorized users to impersonate legitimate users within its AI Platform, potentially granting them access to perform sensitive operations. Discovered by SaaS security firm AppOmni and nicknamed "BodySnatcher," it raised significant concerns because attackers could turn the platform's capabilities against the organizations using it. The patch matters because of the critical nature of the flaw, especially given the increasing reliance on AI-driven tools for automating IT and business processes. There have been no reported instances of exploitation, but cybersecurity experts warn that unpatched systems remain vulnerable after the fix is released, as many organizations may not apply updates promptly. ServiceNow's swift release of patches across various application versions, including Now Assist AI Agents and Virtual Agent API, underscores the urgency of maintaining robust security measures in AI platforms and the broader need for vigilance in protecting AI/ML systems from potential abuse.