HeadlinesBriefing favicon HeadlinesBriefing.com

ServiceNow BodySnatcher flaw exposes AI security risk

DEV Community •
×

ServiceNow disclosed a patch for CVE-2025-12420, nicknamed BodySnatcher by researchers at AppOmni. The flaw let unauthenticated actors impersonate any user simply by knowing an email address, bypassing multi-factor authentication and single sign-on. With a CVSS 9.3 rating, the bug exposes how enterprise AI inherits legacy security gaps.

Unlike traditional bugs that stay confined to a ticketing system, the vulnerability granted control over AI agents that can execute privileged workflows across dozens of integrated services. This creates privilege multiplication and AI amplification, letting a single breach cascade through the entire infrastructure at machine speed, far outpacing human‑centred detection.

Security teams cannot rely on classic defense in depth or patch cycles alone; they must redesign security architecture for AI‑driven platforms. Organizations that treat AI as a feature risk a repeat of the BodySnatcher scenario, while those building new governance, rapid response playbooks, and tighter AI‑specific controls stand a better chance of containment.