Vulnerability Description
ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configuration. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-11449?
CVE-2025-11449 is a documented vulnerability. ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the b...
How severe is CVE-2025-11449?
CVSS scoring is not yet available for CVE-2025-11449. Check NVD for updates.
Is there a patch for CVE-2025-11449?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.