CVE-2025-11449: Reflected Cross Site Scripting in ServiceNow AI Platform

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-11449

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Reflected Cross Site Scripting in ServiceNow AI Platform

Source: NVD (National Vulnerability Database)

Vulnerability Description

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configuration. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

ServiceNow AI Platform 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ServiceNow AI Platform是美国ServiceNow公司的一款AI智能平台。 ServiceNow AI Platform存在安全漏洞，该漏洞源于反射型跨站脚本漏洞，可能导致用户点击特制链接时在浏览器中执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
ServiceNow	ServiceNow AI Platform	0 ~ Washington DC Patch 10 Hot Fix 7b	-

II. Public POCs for CVE-2025-11449

#	POC Description	Source Link	Shenlong Link
1	This script automatically detects and remediates CVE-2025-11449 and CVE-2025-11450 security vulnerabilities in ServiceNow UI Macros. These critical vulnerabilities could allow arbitrary code execution in users' browsers through specially crafted links if user-controlled `sysparm_` parameters are not properly sanitized.	https://github.com/DanielMadsenDK/ServiceNow-CVE-2025-11449-CVE-2025-11450-Mitigation-Script	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-11449

Please Login to view more intelligence information

https://nvd.nist.gov/vuln/detail/CVE-2025-11449

IV. Related Vulnerabilities

Same product: ServiceNow AI Platform

Same vendor: ServiceNow

Same weakness: CWE-79

V. Comments for CVE-2025-11449

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2025-11449

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-11449

III. Intelligence Information for CVE-2025-11449

IV. Related Vulnerabilities

V. Comments for CVE-2025-11449

Leave a comment