Security researcher has disclosed a critical vulnerability in ServiceNow’s Virtual Agent API and Now Assist AI Agents application, tracked as CVE-2025-12420. Dubbed “BodySnatcher,” this flaw enables unauthenticated attackers to impersonate any ServiceNow user using only their email address, bypassing multi-factor authentication and single sign-on controls to execute privileged AI workflows and create backdoor administrator accounts. […]

The post New “BodySnatcher” Flaw Allows Full ServiceNow User Impersonation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Source: gbHackers
Source Link: https://gbhackers.com/new-bodysnatcher-flaw/