Overview
- The vulnerability is tracked as CVE-2025-12420 with a CVSS score of 9.3 and was attributed to research by AppOmni’s Aaron Costello.
- ServiceNow said it deployed fixes to most hosted instances on October 30, 2025, and provided patches to partners and self-hosted customers.
- Affected components include Now Assist AI Agents and the Virtual Agent API, with fixes in versions 5.1.18+ and 5.2.19+ for AI Agents and 3.15.2+ and 4.0.4+ for the API.
- The company reported no evidence of exploitation before remediation and urged customers to upgrade promptly.
- AppOmni’s tests showed that default agent discovery and grouping can create second-order injection paths, prompting guidance to restrict agent discovery, require human approval for powerful actions, segment agent teams, and monitor agent behavior.