CVE-2025-11449
MEDIUMServiceNow AI Platform - Reflected Cross-Site Scripting
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2025-11449. PoCs published by DanielMadsenDK.
AI-analyzed exploit summary This repository contains a ServiceNow script designed to detect and mitigate CVE-2025-11449 and CVE-2025-11450 vulnerabilities in UI Macros by identifying and replacing unsafe sysparm_ parameter patterns. It does not exploit the vulnerability but provides a remediation tool.
Description
ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configuration. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Exploits (1)
This repository contains a ServiceNow script designed to detect and mitigate CVE-2025-11449 and CVE-2025-11450 vulnerabilities in UI Macros by identifying and replacing unsafe sysparm_ parameter patterns. It does not exploit the vulnerability but provides a remediation tool.
References (1)
Scores
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X