BodySnatcher: Critical ServiceNow AI Vulnerability Enables Platform Takeover
The vulnerability chains multiple security weaknesses, including a hardcoded, platform-wide authentication secret embedded in every ServiceNow instance. The static credential, named servicenowexternalagent, functions as a universal bypass for the Virtual Agent API. Combined with insecure account linking that requires only an email address, it lets attackers impersonate administrators and bypass MFA and SSO entirely.
Technical exploitation chains four elements: the shared authentication token to access Virtual Agent API, email-based identity spoofing via auto-linking, a hardcoded agent identifier present across instances, and pre-configured admin role IDs identical in all environments. An unauthenticated attacker located anywhere could create new admin-level user accounts, grant themselves full platform access, and exfiltrate sensitive data including social security numbers, healthcare information, and financial records.
ServiceNow has released patches for Now Assist AI Agents versions 5.1.18 and 5.2.19, and Virtual Agent API versions 3.15.2 and 4.0.4. Cloud-hosted customers received automatic patches, while on-premise deployments require immediate manual upgrades. Organizations should verify patch status across all ServiceNow instances.
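As an added check for that verification step, not code from the article, AppOmni or ServiceNow: a Python script that compares the versions each instance reports against the fixed versions listed above, per release line, so that 5.1.19 counts as fixed while 5.2.18 does not. It assumes plain major.minor.patch version strings and uses component labels chosen here, not ServiceNow plugin identifiers.

```python
# Added example (not AppOmni's or ServiceNow's code): checks plugin versions
# reported by each instance against the fixed versions named in the article.
# Assumes plain "major.minor.patch" strings; component names are labels
# chosen here, not ServiceNow's own plugin identifiers.
FIXED_VERSIONS = {  # minimum fixed version per release line, per the article
    "Now Assist AI Agents": ("5.1.18", "5.2.19"),
    "Virtual Agent API": ("3.15.2", "4.0.4"),
}

def parse_version(text):
    """'5.1.18' -> (5, 1, 18); rejects anything but three integers."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

def patch_status(component, installed):
    """True = fixed, False = unpatched, None = line not listed, verify by hand.

    Compared per release line: 5.1.19 is fixed but 5.2.18 is not, although
    5.2.18 is numerically higher. A line older than every listed fix has no
    patch at all and counts as unpatched; a newer line is not assumed safe.
    """
    have = parse_version(installed)
    fixes = sorted(parse_version(v) for v in FIXED_VERSIONS[component])
    for fix in fixes:
        if have[:2] == fix[:2]:
            return have >= fix
    return False if have[:2] < fixes[0][:2] else None

def audit(inventory):
    """inventory: {instance: {component: version}} -> findings to act on."""
    findings = []
    for instance, components in inventory.items():
        for component, version in components.items():
            status = patch_status(component, version)
            if status is True:
                continue
            label = "UNPATCHED" if status is False else "VERIFY MANUALLY"
            findings.append((instance, component, version, label))
    return findings

# Constructed sample inventory; real values come from your own instances.
SAMPLE_INVENTORY = {
    "prod": {"Now Assist AI Agents": "5.2.19", "Virtual Agent API": "4.0.4"},
    "dev": {"Now Assist AI Agents": "5.2.18", "Virtual Agent API": "3.15.2"},
    "onprem": {"Now Assist AI Agents": "5.1.19", "Virtual Agent API": "3.14.9"},
}
```

Running `audit(SAMPLE_INVENTORY)` flags the dev Now Assist install and the on-prem Virtual Agent API, while the 5.1.19 install is correctly accepted as fixed on its own line.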
AppOmni recommends enforcing MFA during account linking using software-based authenticators, implementing automated AI agent approval workflows, de-provisioning unused agents regularly, and establishing lifecycle management policies for agent oversight. The vulnerability underscores the critical need for security review of AI agent deployments in enterprise platforms.