Summary
ServiceNow patched a critical privilege escalation vulnerability (CVE-2025-12420) in its AI platform that allowed unauthenticated attackers to impersonate users and execute unauthorized actions.
Take Action:
If yoy are using self hosted ServiceNow, this is very important. Make sure the API is isolated from the internet if possible and accessible from trusted networks only. Then patch. If your ServiceNow must be exposed to the internet, this is urgent. Start patching now.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)