BodySnatcher (CVE-2025-12420) exposes a critical agentic AI security vulnerability in ServiceNow. Aaron Costello's deep dive analyzes interplay between Virtual Agent API and Now Assist enabled in this exploit.

The post BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow appeared first on AppOmni.

The post BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow appeared first on Security Boulevard.

Aaron Costello, Chief of Security Research, AppOmni

Source: Security Boulevard
Source Link: https://securityboulevard.com/2026/01/bodysnatcher-cve-2025-12420-a-broken-authentication-and-agentic-hijacking-vulnerability-in-servicenow/