ServiceNow Patches Critical AI Platform Vulnerability That Allows User Impersonation
Estimated Reading Time: 8 minutes
Key Takeaways:
- A critical 9.3 CVSS vulnerability (CVE-2025-12420) in ServiceNow AI agents allows unauthenticated attackers to impersonate users via email address alone.
- The January 2026 Patch Tuesday addresses a Windows Desktop Window Manager zero-day (CVE-2026-20805) and removes legacy modem drivers that pose elevation-of-privilege risks.
- Global law enforcement has successfully disrupted the RedVDS cybercrime marketplace and the AISURU/Kimwolf botnet, which leveraged over 2 million Android devices.
- Actionable steps include decommissioning legacy drivers, auditing SaaS identity logic, and implementing strict browser extension allow-lists.
Table of Contents:
- ServiceNow Patches Critical AI Platform Vulnerability That Allows User Impersonation: Technical Analysis
- The January 2026 Patch Tuesday and Windows OS Vulnerabilities
- Botnet Infrastructure and Command-and-Control Disruptions
- Disrupting the RedVDS Cybercrime Marketplace
- Technical Vulnerabilities in FortiSIEM and MongoDB
- Data Breaches and Underground Intelligence
- Actionable Takeaways for Engineering and IT Teams
- Actionable Takeaways for Business Leaders
- PurpleOps Cybersecurity Expertise
- Frequently Asked Questions
ServiceNow Patches Critical AI Platform Vulnerability That Allows User Impersonation: Technical Analysis
The integration of generative artificial intelligence into enterprise service management platforms has introduced novel attack vectors that bypass traditional identity and access management (IAM) controls. On January 14, 2026, details emerged regarding a critical vulnerability in the ServiceNow AI Platform, tracked as CVE-2025-12420. This flaw, characterized by a CVSS score of 9.3, allows unauthenticated attackers to impersonate legitimate users and execute arbitrary actions with their specific privileges.
The vulnerability, identified by researchers at AppOmni and dubbed “BodySnatcher,” resides within ServiceNow’s AI-powered components, specifically the Now Assist AI Agents and Virtual Agent integrations. The root cause is an insecure account-linking logic combined with the use of shared credentials across different ServiceNow instances.
In many enterprise environments, the cyber threat intelligence platform used by security teams must account for SaaS-specific vulnerabilities that bypass Multi-Factor Authentication (MFA) and Single Sign-On (SSO). CVE-2025-12420 enables an attacker to impersonate any user within the target organization using only their email address. By exploiting a hardcoded, platform-wide secret and chaining it with the flawed account-linking logic, the attacker effectively gains the identity of the target user.
ServiceNow confirmed that the vulnerability was addressed on October 30, 2025, through updates deployed to hosted environments. Patches for self-hosted deployments were also released for the following versions:
- Now Assist AI Agents (sn_aia): version 5.1.18 or later, and 5.2.19 or later.
- Virtual Agent API (sn_va_as_service): version 3.15.2 or later, and 4.0.4 or later.
While no active exploitation has been reported, the public disclosure increases the probability of attempts by sophisticated threat actors to leverage this bypass in lateral movement and data exfiltration campaigns.
The January 2026 Patch Tuesday and Windows OS Vulnerabilities
The broader vulnerability environment in January 2026 is defined by several critical flaws in the Microsoft ecosystem. A significant zero-day, CVE-2026-20805, affects the Windows Desktop Window Manager (DWM). Despite a CVSS score of 5.5, Microsoft has confirmed that this flaw is being exploited in the wild.
Analysis indicates that CVE-2026-20805 is being used to undermine Address Space Layout Randomization (ASLR). By identifying where code resides in memory, attackers can chain this vulnerability with separate code execution flaws to create reliable exploits. This underscores the necessity for breach detection tools that monitor for anomalous memory-manipulation activity.
Additional critical fixes in the January 2026 cycle include:
- CVE-2026-20952 and CVE-2026-20953: Remote code execution (RCE) bugs in Microsoft Office that can be triggered simply by viewing a malicious message in the Preview Pane.
- CVE-2023-31096 and Legacy Modem Drivers: Microsoft has removed the
agrsm64.sysandagrsm.sysmodem drivers. These legacy drivers, some decades old, contain elevation-of-privilege vulnerabilities to the SYSTEM level. The mere presence of these drivers renders an asset vulnerable, even if no modem is connected. - CVE-2026-21265 (Secure Boot): A security feature bypass affecting Windows Secure Boot. This relates to the expiration of 2011-era certificates scheduled for mid-to-late 2026. Systems without the 2023 replacement certificates will soon be unable to receive Secure Boot security fixes.
Security teams should also note that Mozilla released updates for Firefox 147 and Firefox ESR 140.7, resolving 34 vulnerabilities. Two of these, CVE-2026-0891 and CVE-2026-0892, are suspected to be under active exploitation. Google also released Chrome 144, fixing 10 security flaws, including a high-severity issue in Chrome WebView (CVE-2026-0628).
Botnet Infrastructure and Command-and-Control Disruptions
Recent efforts in real-time ransomware intelligence and network security have led to the disruption of the AISURU/Kimwolf botnet. Black Lotus Labs at Lumen Technologies reported the null-routing of over 550 command-and-control (C2) nodes associated with this operation.
The Kimwolf botnet primarily targets Android-based devices, specifically unsanctioned Android TV streaming boxes. By exploiting exposed Android Debug Bridge (ADB) services, the botnet has infected more than 2 million devices. The primary function of this botnet is to turn compromised hardware into residential proxy nodes via a software development kit (SDK) called ByteConnect.
These infected nodes are then rented out on residential proxy provider sites. Threat actors use these proxies to blend in with consumer internet traffic, evading detection mechanisms that typically flag datacenter IP addresses. The Kimwolf actors were observed scanning for vulnerable devices using PYPROXY and other services to expand their footprint. Analysis of the C2 infrastructure revealed links to “Resi Rack LLC,” a hosting provider advertised for game servers, which was used to host malware and manage proxy traffic.
Similarly, a sophisticated proxy network involving 832 compromised KeeneticOS routers has been identified across various Russian ISPs. These routers maintain both HTTP and SSH access, allowing threat actors to conduct malicious activities while appearing as ordinary residential users.
Disrupting the RedVDS Cybercrime Marketplace
Microsoft, in coordination with international law enforcement and Europol, announced the seizure of infrastructure belonging to the RedVDS cybercrime marketplace. Since March 2025, RedVDS has facilitated approximately $40 million in fraud losses in the United States alone.
RedVDS operated as a subscription service, offering “disposable virtual computers” for as little as $24 per month. These virtual machines were pre-loaded with unlicensed Windows software and full administrator control, allowing criminals to launch high-volume phishing attacks and business email compromise (BEC) campaigns.
Key metrics from the RedVDS operation include:
- 191,000 compromised Microsoft email accounts across 130,000 organizations.
- 2,600 virtual machines sending an average of one million phishing messages per day.
- Geographical targeting: RedVDS used third-party hosting providers in the U.S., U.K., Canada, France, and the Netherlands to provision IPs near their targets.
The threat group behind RedVDS, tracked as Storm-2470, collaborated with at least five other cybercrime organizations. The marketplace specialized in facilitating payment diversion fraud, particularly targeting real estate, pharmaceutical, and construction sectors.
Technical Vulnerabilities in FortiSIEM and MongoDB
The security of monitoring infrastructure remains a focal point for researchers. A critical vulnerability in Fortinet’s Security Information and Event Management (SIEM) solution, tracked as CVE-2025-25256, has seen the publication of a public exploit.
This vulnerability is a combination of issues within the phMonitor service that permit arbitrary file writes with administrative permissions and subsequent privilege escalation to root. The phMonitor service has been a recurring point of failure for FortiSIEM, with similar flaws identified in previous years. Attackers can execute unauthorized code via crafted TCP requests to port 7900. Fortinet has released patches for versions 7.1.x through 7.4.x, though FortiSIEM 7.5 and Cloud versions are reportedly not affected.
Furthermore, a critical flaw in MongoDB was disclosed involving zlib compression. This vulnerability allows for sensitive data exposure and potential remote exploitation. Organizations using MongoDB should verify their configuration and apply the latest updates to prevent secret leakage.
Data Breaches and Underground Intelligence
Monitoring of underground forums remains critical for breach detection. Recent reports indicate that a BreachForums user database leak has exposed 320,000 accounts. This dataset typically contains usernames, email addresses, and hashed passwords, which are often used in credential stuffing attacks. Utilizing an underground forum intelligence service allows organizations to identify if their corporate credentials have been compromised in such leaks.
Furthermore, brand leak alerting systems have flagged various campaigns involving malicious browser extensions. The “DarkSpectre” extension campaign has impacted an estimated 8.8 million users globally, while other Chrome extensions have been caught specifically targeting and stealing ChatGPT and DeepSeek chat histories from nearly 900,000 users.
Actionable Takeaways for Engineering and IT Teams
To mitigate the risks associated with the ServiceNow AI Platform vulnerability and the concurrent January 2026 threats, technical teams should implement the following:
- SaaS Identity Audit: Review account-linking configurations within ServiceNow Now Assist and Virtual Agent. Ensure that patches for
sn_aiaandsn_va_as_serviceare applied immediately. - Modem Driver Decommissioning: Use endpoint management tools to scan for and remove
agrsm64.sysandagrsm.sysdrivers from all Windows workstations and servers, regardless of whether a physical modem is present. - Secure Boot Certification: Verify the presence of 2023 Secure Boot replacement certificates. Plan for a full BIOS/bootloader update cycle before the mid-2026 expiration of 2011 root certificates.
- Network Port Filtering: Limit access to FortiSIEM port 7900 to authorized internal IP addresses only. Monitor
/opt/phoenix/log/phoenix.logsfor ‘PHL_ERROR’ entries containing unexpected URLs or file paths. - ADB Security: Ensure that Android Debug Bridge (ADB) is disabled on all corporate-managed Android devices and network-connected media players to prevent Kimwolf botnet infection.
- Browser Extension Policy: Implement strictly enforced allow-lists for browser extensions to prevent data exfiltration via rogue AI-targeting extensions.
Actionable Takeaways for Business Leaders
Strategic oversight is required to address the systemic risks posed by AI integration and legacy technical debt:
- AI Governance: Establish clear security protocols for the deployment of AI agents that interact with sensitive corporate data. Ensure that third-party SaaS providers provide transparency regarding their account-linking and authentication logic.
- Supply-Chain Risk: Incorporate supply-chain risk monitoring into the procurement process for IoT and media devices, which are increasingly targeted as conduits for botnet activity and residential proxy abuse.
- Credential Monitoring: Invest in dark web monitoring service capabilities and telegram threat monitoring to receive early warnings regarding leaked corporate credentials or internal data being discussed in illicit marketplaces.
- Ransomware Readiness: Utilize a live ransomware API to feed real-time indicators of compromise (IoCs) into existing security stacks, ensuring that defenses are aligned with the latest tactics of groups like Black Basta or Storm-2470.
PurpleOps Cybersecurity Expertise
PurpleOps provides the comprehensive infrastructure and intelligence required to navigate the current threat environment. Our suite of services is designed to address the specific vulnerabilities highlighted in this report, from SaaS-level impersonation risks to legacy system exploitation.
- Platform Overview: Explore our unified interface for managing enterprise security: PurpleOps Platform
- Vulnerability Management: Access detailed assessments and remediation strategies: PurpleOps Solutions
- Offensive Security: Evaluate your defenses against user impersonation and privilege escalation: Red Team Operations and
- Supply Chain Security: Protect your organization from risks inherent in third-party integrations and hardware: Supply Chain Information Security
- Ransomware Defense: Strengthen your environment against the latest ransomware delivery vectors: Protect Against Ransomware
- External Threat Monitoring: Monitor underground forums and the dark web for leaked credentials and brand risks: Dark Web Monitoring and Cyber Threat Intelligence
As the ServiceNow BodySnatcher vulnerability demonstrates, the shift toward AI-driven automation requires a corresponding shift in identity verification and authentication logic. Proactive patching and the continuous monitoring of both internal infrastructure and external threat marketplaces remain the standard for enterprise security.
Frequently Asked Questions
What is the “BodySnatcher” vulnerability in ServiceNow?
BodySnatcher (CVE-2025-12420) is a critical vulnerability in ServiceNow’s AI Platform that allows unauthenticated attackers to impersonate any user by leveraging flawed account-linking logic and shared platform secrets.
How do I know if my ServiceNow instance is patched?
Check your version of the Now Assist AI Agents (sn_aia) and Virtual Agent API (sn_va_as_service). Ensure they are at version 5.1.18/5.2.19 and 3.15.2/4.0.4 or later, respectively. Hosted instances were patched by ServiceNow in late 2025.
Why are legacy modem drivers dangerous if I don’t use a modem?
Drivers like agrsm64.sys contain elevation-of-privilege vulnerabilities. Because they reside in the system’s driver directory, an attacker with local access can trigger the vulnerability to gain SYSTEM-level privileges even if no physical hardware is connected.
What should I do if my credentials were leaked on BreachForums?
Immediately reset the passwords for all affected accounts, especially if they are reused across corporate systems. Enable Multi-Factor Authentication (MFA) and monitor for unauthorized access attempts through your SIEM or identity provider.