CVE-2025-11450

Published: Oct 10, 2025

Modified: Oct 10, 2025

PUBLISHED

Description

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.

Vendor: ServiceNow

Product: ServiceNow AI Platform

Versions:

affected: 0 - < Washington DC Patch 10 Hot Fix 7b
affected: 0 - < Xanadu Patch 10 Hot Fix 1a
affected: 0 - < Xanadu Patch 11
affected: 0 - < Yokohama Patch 7 Hot Fix 2a
affected: 0 - < Yokohama Patch 8

+5 more versions

Weaknesses (CWE)
