Security researcher has disclosed a critical vulnerability in ServiceNow’s Virtual Agent API and Now Assist AI Agents application, tracked as CVE-2025-12420. Dubbed >>BodySnatcher,<< this flaw enables unauthenticated attackers to impersonate any ServiceNow user using only their email address, bypassing multi-factor authentication and single sign-on controls to execute privileged AI workflows and create backdoor administrator accounts. […] The post New "BodySnatcher" Flaw Allows Full ServiceNow User Impersonation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/new-bodysnatcher-flaw/
