{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T19:17:04.339","vulnerabilities":[{"cve":{"id":"CVE-2025-12420","sourceIdentifier":"psirt@servicenow.com","published":"2026-01-12T22:16:07.470","lastModified":"2026-01-27T20:25:54.110","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform.\n\nServiceNow has addressed this vulnerability by deploying a relevant security update to  hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en la Plataforma de IA de ServiceNow que podría permitir a un usuario no autenticado suplantar a otro usuario y realizar las operaciones a las que el usuario suplantado tiene derecho a realizar.\n\nServiceNow ha abordado esta vulnerabilidad mediante el despliegue de una actualización de seguridad relevante en las instancias alojadas en octubre de 2025. También se han proporcionado actualizaciones de seguridad a los clientes autoalojados de ServiceNow, socios y clientes alojados con configuraciones únicas. Además, la vulnerabilidad se aborda en las versiones de la aplicación de la tienda enumeradas. Recomendamos que los clientes apliquen rápidamente una actualización de seguridad o una actualización de versión apropiada si aún no lo han hecho."}],"metrics":{"cvssMetricV40":[{"source":"psirt@servicenow.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:H/U:Amber","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"HIGH","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@servicenow.com","type":"Secondary","description":[{"lang":"en","value":"CWE-250"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:servicenow:now_assist_ai_agents:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.18","matchCriteriaId":"981D4C38-EC4B-42F1-96D2-83B02403ABD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:servicenow:now_assist_ai_agents:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2.0","versionEndExcluding":"5.2.19","matchCriteriaId":"160208ED-E032-4B34-BC89-0AC7B2C0808A"},{"vulnerable":true,"criteria":"cpe:2.3:a:servicenow:virtual_agent_api:*:*:*:*:*:*:*:*","versionEndExcluding":"3.15.2","matchCriteriaId":"B619348E-A16D-4A69-9CB6-58A2FFC0BAED"},{"vulnerable":true,"criteria":"cpe:2.3:a:servicenow:virtual_agent_api:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.4","matchCriteriaId":"0F8C6775-D097-491A-9246-0C691EB680E3"}]}]}],"references":[{"url":"https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2587329","source":"psirt@servicenow.com","tags":["Vendor Advisory"]}]}}]}