Collecting Cyber-News from over 60 sources

BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow

Jan 13, 2026 5:02 PM

Tags: ai, api, authentication, vulnerability

BodySnatcher (CVE-2025-12420) exposes a critical agentic AI security vulnerability in ServiceNow. Aaron Costello’s deep dive analyzes interplay between Virtual Agent API and Now Assist enabled in this exploit.

First seen on securityboulevard.com

Jump to article: securityboulevard.com/2026/01/bodysnatcher-cve-2025-12420-a-broken-authentication-and-agentic-hijacking-vulnerability-in-servicenow/

BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow

also interesting: