AppOmni Discloses BodySnatcher Flaw in ServiceNow

AppOmni this week disclosed a vulnerability in the ServiceNow platform, tracked as CVE-2025-12420, that could enable creation of a malicious AI agent called BodySnatcher. Researchers said an unauthenticated intruder can impersonate any ServiceNow user across affected apps, potentially abusing workflows and integrations. The disclosure underscores the need for ServiceNow customers to assess integrations and apply vendor fixes or mitigations promptly.
Key Points
- Identifies CVE-2025-12420 enabling unauthenticated impersonation of any ServiceNow user across apps
- Highlights risk that attackers can instantiate a malicious AI agent named BodySnatcher to abuse workflows
- Urges security teams to assess ServiceNow integrations and apply vendor fixes or mitigations promptly
Scoring Rationale
Serious new vulnerability with actionable details and CVE tracking, limited by single-vendor scope and incomplete public details.
