ServiceNow has disclosed and patched a critical vulnerability in its AI Platform that allows unauthenticated remote attackers to execute arbitrary code on affected instances. The flaw, which carries a CVSS score of 9.8, poses severe risks to healthcare organizations where ServiceNow is widely deployed for IT service management, patient portal operations, and clinical workflow automation.
The vulnerability exists in how ServiceNow’s AI Platform handles certain API requests. An attacker can exploit the flaw without any authentication, gaining the ability to run malicious code on the underlying server. Given that many healthcare providers use ServiceNow to manage sensitive patient data, incident response ticketing, and compliance tracking, a successful exploit could lead to data breaches, ransomware deployment, or prolonged service disruption affecting patient care.
ServiceNow has released patches for all affected versions and urged customers to apply them immediately. Healthcare CISOs are advised to prioritize this update given the critical severity and the active exploitation landscape. The disclosure comes amid a broader trend of attackers targeting enterprise SaaS platforms used in healthcare, as highlighted in recent Microsoft Threat Intelligence reports on ShinyHunters OAuth abuse targeting similar platforms.
Healthcare organizations using ServiceNow should verify their patch status, enable multi-factor authentication on all administrative interfaces, and review API access logs for signs of unauthorized activity. The HHS Health Sector Cybersecurity Coordination Center has been notified of the vulnerability and may issue a sector-specific alert in the coming days.
