ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

Estimated reading time: 8 minutes

Key Takeaways:

  • ServiceNow resolved CVE-2025-12420 (“BodySnatcher”), a 9.3 CVSS flaw allowing total account takeover via AI agents.
  • Microsoft’s January 2026 updates address 114 vulnerabilities, including three zero-days under active exploitation.
  • VoidLink, a sophisticated Zig-based malware, is targeting cloud-native environments across major providers.
  • Recent data leaks at Target and disruptions in healthcare (AZ Monica) highlight the critical need for identity-centric security.

Table of Contents:

The ServiceNow BodySnatcher Vulnerability

The security posture of enterprise software-as-a-service (SaaS) environments is undergoing a significant shift as artificial intelligence (AI) agents gain deeper access to corporate data and workflows. ServiceNow recently addressed a critical vulnerability in its AI platform, tracked as CVE-2025-12420, which allowed unauthenticated attackers to impersonate any user within the system. This vulnerability, identified by researchers at AppOmni and codenamed “BodySnatcher,” represents a significant risk for organizations utilizing Now Assist AI and Virtual Agent integrations.

The flaw received a CVSS score of 9.3, reflecting its potential for complete system compromise without requiring prior authentication. Successful exploitation enables an attacker to perform any action the impersonated user is authorized to execute. In many enterprise environments, this extends to administrative functions, data exfiltration, and the modification of security configurations.

The technical root of CVE-2025-12420 involves a failure in the account-linking logic within the ServiceNow Virtual Agent API and Now Assist AI Agents. According to research findings, the vulnerability stemmed from the platform’s reliance on a simple email address to verify identity, combined with a hardcoded, platform-wide secret. This combination allowed attackers to bypass standard security protocols, including multi-factor authentication (MFA) and single sign-on (SSO) configurations.

By exploiting this logic, an unauthenticated threat actor could remotely drive privileged agentic workflows. Because AI agents are designed to simplify complex enterprise tasks by interacting with various internal databases and tools, an impersonated session grants the attacker the same “agentic” capabilities. This includes the ability to subvert security controls, create backdoor accounts with elevated privileges, or execute second-order prompt injection attacks.

ServiceNow released patches for the affected components on October 30, 2025. The exploitation of identity-linking logic in AI platforms necessitates the use of a comprehensive PurpleOps Solutions to monitor for similar architectural weaknesses across the SaaS stack.

Microsoft January 2026 Patch Tuesday: 114 Flaws and Active Exploitation

Simultaneous with the ServiceNow disclosure, Microsoft released its January 2026 Patch Tuesday updates, addressing 114 vulnerabilities across its ecosystem. This update cycle is particularly critical due to the inclusion of three zero-day vulnerabilities, one of which is confirmed to be under active exploitation in the wild.

Active Exploitation: CVE-2026-20805
The most immediate concern for security engineers is CVE-2026-20805, an information disclosure vulnerability in the Desktop Window Manager (DWM). This flaw allows an authorized attacker to disclose sensitive information locally by reading memory addresses associated with remote Advanced Local Procedure Call (ALPC) ports. Such flaws are frequently used as stepping stones in complex exploit chains to bypass memory protections like Address Space Layout Randomization (ASLR).

The January update includes eight “Critical” vulnerabilities, six of which involve remote code execution (RCE) and two involving elevation of privilege (EoP). The volume of flaws-57 for Elevation of Privilege and 22 for Remote Code Execution-requires systematic PurpleOps Solutions to ensure that patched systems do not retain configuration weaknesses.

Threat intelligence researchers have identified a new, sophisticated Linux malware framework designated as VoidLink. Discovered in December 2025, VoidLink is engineered for long-term, stealthy persistence within cloud-native environments, specifically targeting AWS, Azure, Google Cloud, Alibaba, and Tencent Cloud.

The framework is written primarily in the Zig programming language and utilizes a modular architecture. It features a custom Plugin API inspired by Cobalt Strike’s Beacon Object Files (BOF). VoidLink is cloud-aware; it can detect if it is running within a Docker container or a Kubernetes pod and adapt its evasion techniques accordingly.

Key technical capabilities of VoidLink include:

  • Advanced Rootkit Functionality: Uses LD_PRELOAD, loadable kernel modules (LKM), and eBPF to hide processes.
  • Evasion Strategies: Calculates a “risk score” to adjust behavior and avoid triggering alerts.
  • Anti-Forensics: Wipes shell history and performs “timestomping” on file metadata.
  • P2P Networking: Compromised hosts form a mesh network to maintain control.

This framework is likely the work of China-affiliated threat actors targeting developers to facilitate supply-chain risk monitoring failures and gain access to source code repositories.

Target Source Code Leak and Infostealer Compromise

Recent events surrounding a significant data leak at Target emphasize the risk of credential theft via infostealer malware. Hackers have claimed to possess 860GB of Target’s internal source code and documentation. Samples published on a public Gitea platform have been confirmed as authentic.

Investigators have identified a Target employee workstation that was infected with infostealer malware in late September 2025. This infected machine had access to critical internal services, including IAM, Confluence, and Jira. This event underscores the necessity for PurpleOps Solutions and PurpleOps Solutions to detect the sale of stolen credentials.

Operational Disruption in Healthcare: AZ Monica Cyberattack

The physical consequences of cyber-threats were evident in the recent attack on the Belgian hospital AZ Monica. On January 13, 2026, the hospital was forced to disconnect all servers, resulting in the cancellation of scheduled procedures and the transfer of critical care patients.

While a ransomware demand was not officially confirmed, the shift to paper-based registration suggests a significant disruption. Effective PurpleOps Solutions and real-time ransomware intelligence are critical for preventing the lateral movement required to take such vital systems offline.

Technical Takeaways for Security Teams

  1. SaaS Audit: Immediately verify ServiceNow Now Assist and Virtual Agent API versions. Ensure identity-linking logic does not rely solely on email addresses.
  2. Kernel-Level Monitoring: Implement security tools that can detect unauthorized eBPF program attachments and anomalous LKM loading.
  3. Patch Management: Prioritize Microsoft updates CVE-2026-20805 and CVE-2026-20854.
  4. Credential Hygiene: Implement strict session timeouts and hardware-based MFA to combat infostealers.
  5. Cloud Configuration: Restrict privileged containers and monitor for container escape attempts.

Business and Strategic Advice for Leaders

Executive leadership must recognize that AI integration introduces new vectors for impersonation.

  • Review AI Governance: Grant AI agents the minimum permissions necessary.
  • Infrastructure Resilience: Continuity plans must include manual failover processes for critical data access.
  • Supply Chain Transparency: Demand clarity from SaaS providers regarding account-linking security.
  • Invest in Intelligence: Utilize PurpleOps Solutions and PurpleOps Solutions.

Strengthening Defenses with PurpleOps

The convergence of AI vulnerabilities and cloud-native malware requires a multi-layered strategy. PurpleOps provides the technical expertise to identify these threats before operational failure.

To learn more about securing your AI integrations, visit our platform page or explore our full range of PurpleOps Solutions.

Frequently Asked Questions

What is the “BodySnatcher” vulnerability?
It is a critical flaw (CVE-2025-12420) in ServiceNow’s AI platform that allows unauthenticated attackers to impersonate any user by exploiting flawed account-linking logic.

Which Microsoft zero-day is currently being exploited?
CVE-2026-20805, an information disclosure vulnerability in the Desktop Window Manager (DWM), is confirmed to be under active exploitation as of January 2026.

What makes VoidLink malware particularly dangerous for cloud environments?
VoidLink is written in Zig and is “cloud-aware,” meaning it can detect if it is in a container or pod and utilize eBPF rootkits to hide from standard monitoring tools.

How did Target’s internal source code get leaked?
The leak was traced back to an employee workstation infected with infostealer malware, which allowed hackers to harvest credentials and access internal Git repositories.