CVE-2025-11450
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
Summary
ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.
ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ServiceNow | ServiceNow AI Platform | 0 < Washington DC Patch 10 Hot Fix 7b | affected |
| ServiceNow | ServiceNow AI Platform | 0 < Xanadu Patch 10 Hot Fix 1a | affected |
| ServiceNow | ServiceNow AI Platform | 0 < Xanadu Patch 11 | affected |
| ServiceNow | ServiceNow AI Platform | 0 < Yokohama Patch 7 Hot Fix 2a | affected |
| ServiceNow | ServiceNow AI Platform | 0 < Yokohama Patch 8 | affected |
| ServiceNow | ServiceNow AI Platform | 0 < Yokohama Patch 9 | affected |
| ServiceNow | ServiceNow AI Platform | 0 < Zurich Patch 1 Hot Fix 1a | affected |
| ServiceNow | ServiceNow AI Platform | 0 < Zurich Patch 2 | affected |
| ServiceNow | ServiceNow AI Platform | 0 < Zurich Patch 3 | affected |
| ServiceNow | ServiceNow AI Platform | 0 < Australia General Availability (GA) | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.