ServiceNow Security Issues Disrupt Enterprise Workflows and Operations

ServiceNow has recently experienced several high‑impact security issues that disrupted enterprise workflows—these include the “Count(er) Strike” ACL misconfiguration flaw that allowed unauthorized data inference, a critical AI platform vulnerability (“BodySnatcher”) enabling user impersonation, and a certificate expiration incident that halted key integrations—each of which had tangible operational consequences for enterprise users.

Recent Security Incidents That Disrupted Enterprise Operations

Count(er) Strike: Data Inference via ACL Loophole

The “Count(er) Strike” vulnerability (CVE‑2025‑3648) exploited a flaw in how ServiceNow evaluated Access Control Lists (ACLs). A single satisfied ACL could grant data access even when others denied it, allowing attackers to infer sensitive information—like PII, credentials, and financial data—by manipulating query filters and observing record count behavior .

Discovered in February 2024 by Varonis Threat Labs, patches were released in September 2024 and March 2025, with CVE issued July 8, 2025 . ServiceNow introduced new defenses—Query ACLs, Security Data Filters, and a “Deny Unless ACL” policy—to compel stricter access checks . While no confirmed exploitation occurred, the flaw posed significant risks for enterprises handling vast sensitive datasets.

BodySnatcher: AI Platform Vulnerability & User Impersonation

ServiceNow’s AI components—Now Assist and Virtual Agent API—were found vulnerable to a critical security flaw (CVE‑2025‑12420), dubbed “BodySnatcher.” An attacker could impersonate legitimate users and conduct unauthorized actions, with a severity score of 9.3/10 . AppOmni discovered the issue in October 2025; patches deployed on October 30, 2025 covered most hosted instances and were disseminated to partners and self-hosted customers . Although exploitation wasn’t observed in the wild, delayed patching remained a concern.

Certificate Expiry: MID Server Integration Disruption

On September 24, 2024, ServiceNow suffered an SSL certificate expiration—the MID Server Root G2 certificate—which caused widespread disruptions across orchestration, discovery, integrations, and AI-powered Virtual Agent functionality. Over 600 organizations were impacted, experiencing failures in instance-to-instance connectivity, update retrievals, and critical automation workflows . Enterprises voiced frustration about delayed notifications and the haphazard handling of the certificate renewal, especially given advanced awareness of the issue within ServiceNow .

Additional Emerging Security Complexity

Second‑Order Prompt Injection: AI Agents as Malicious Insiders

Security researchers from AppOmni revealed a new risk in how Now Assist AI agents interact. In a “second‑order prompt injection,” a less-privileged AI agent could, via malformed input, trick a higher-privileged agent into executing unauthorized tasks—like exporting sensitive data—without human oversight. Although not a vulnerability per se, this design risk prompted documentation updates and recommended mitigations like supervised execution, segmentation, and monitoring .

Tangible Impacts on Enterprise Workflows

• Disruption of automation pipelines, orchestrations, and AI services due to SSL certificate failure.
• Elevated risk of unauthorized data access via simple ACL misconfigurations, threatening data integrity and compliance.
• Potential for identity misuse and unauthorized actions through AI vulnerabilities, with reputational and compliance implications.
• Elevated operational overhead—security teams scrambled to patch, reconfigure ACLs, update systems, and monitor for emerging threats.

Expert Insight

“AI is rewriting the rules of cybersecurity and risk management… CISOs are looking to use AI to drive productivity and improve their protection and response capabilities… so organizations can move faster, respond smarter, and stay ahead of evolving threats.”
— Lou Fiorello, Group VP & GM, Security and Risk at ServiceNow

This underscores the imperative for robust, resilient security design—even as AI accelerates workflows.

Strategic Recommendations for Enterprise Customers

1. Patch Vigilantly – Immediately apply all available security updates, including those addressing CVE‑2025‑3648 and CVE‑2025‑12420.
2. Review ACL Configurations – Audit sensitive tables and implement mandatory “Deny‑Unless” ACL posture to prevent inference attacks.
3. Monitor AI Agent Interactions – Implement supervised execution, disable agent autonomy, and segment agent duties to limit second‑order prompt risks.
4. Plan for Certificate Lifecycle – Establish proactive expiration monitoring for certificates, enabling seamless renewals to avoid service disruption.
5. Bolster AI‑Driven Security – Leverage new ServiceNow AI Security and Risk agents and explore integrations with security toolchains via recent acquisitions like Armis (expected mid‑2026) .

Conclusion

ServiceNow security incidents have directly disrupted enterprise workflows—ranging from automation breakdowns to potential data exposure and identity impersonation threats. While ServiceNow has responded with patches and new security features, the incidents underscore how misconfigurations, AI design risks, and operational oversights can cascade into critical business disruptions. It’s essential for organizations to maintain vigilant patching, robust configuration, and oversight layered with appropriate security tooling and AI-aware strategies.

FAQs

What was the “Count(er) Strike” vulnerability and how did it affect enterprises?
It was a data inference flaw in ServiceNow where misconfigured ACLs allowed unauthorized users to extract sensitive data by manipulating record count queries. It posed risks to PII, credentials, and confidential business data until ServiceNow patched it in Sept 2024 and March 2025.

Is the “BodySnatcher” AI flaw actively exploited?
No evidence suggests active exploitation. Still, because the vulnerability allowed user impersonation within AI modules, organizations were urged to apply patches immediately to mitigate risk.

Could the AI prompt-injection risk lead to insider threats?
Yes. In specific configurations, low‑privileged AI agents can instruct higher‑privileged ones to execute unauthorized tasks—effectively acting as “malicious insiders.” Monitoring, supervisor controls, and segmented agent duties are key mitigations.

Why did the SSL certificate expiry cause widespread disruption?
The root SSL certificate for MID Server expired, causing integration failures across Orchestration, Discovery, and Virtual Agent functions. Hundreds of organizations were affected—highlighting the importance of certificate lifecycle management.

How can enterprises improve AI security on ServiceNow?
They should enforce supervised agent execution, disable autonomous overrides, segment agent tasks, monitor inter-agent activity, and integrate threat detection—especially as ServiceNow enhances security through acquisitions like Armis.

Has ServiceNow taken steps to prevent similar issues in future?
Yes. Beyond patching, ServiceNow has launched AI‑powered security agents, expanded compliance workflows, and reinforced orchestration capabilities. Strategic moves like the Armis acquisition and integrations underscore their commitment to a more resilient security platform.

Word count: approximately 1,190 words.