Wednesday, January 14, 2026

AppOmni Discovers Critical BodySnatcher Security Flaw in the ServiceNow Platform Affecting AI Agents

AppOmni has identified a critical vulnerability in the ServiceNow platform, labeled BodySnatcher (CVE-2025-12420), which allows unauthenticated users to impersonate any ServiceNow account using just an email address. This flaw bypasses multifactor authentication (MFA) and single sign-on (SSO), enabling attackers to create a compromised artificial intelligence (AI) agent with escalated privileges via ServiceNow’s Virtual Agent API. Although ServiceNow has issued a patch to address this vulnerability, AppOmni warns that as AI agents gain traction in SaaS applications, the risks escalate, making them attractive targets for cybercriminals.

Cybersecurity teams are urged to evaluate the security measures surrounding AI deployments, as many safeguards can be easily circumvented. Employee education is crucial to mitigate risks. With the rapid adoption of AI agents, organizations must prepare for potential breaches involving extensive sensitive data, which could have significant repercussions. Awareness and proactive security strategies are essential to combat this evolving threat landscape.
