CVE-2025-11450
MEDIUMServiceNow AI Platform - Reflected Cross-Site Scripting
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2025-11450. PoCs published by DanielMadsenDK.
AI-analyzed exploit summary This repository provides a mitigation script for CVE-2025-11449 and CVE-2025-11450 in ServiceNow UI Macros, focusing on detecting and remediating vulnerable patterns in sysparm_ parameters. The script identifies and fixes improperly sanitized sysparm_ usage in UI Macros, particularly in $pwd_verify_email and $pwd_verify_personal_data_ui.
Description
ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Exploits (1)
This repository provides a mitigation script for CVE-2025-11449 and CVE-2025-11450 in ServiceNow UI Macros, focusing on detecting and remediating vulnerable patterns in sysparm_ parameters. The script identifies and fixes improperly sanitized sysparm_ usage in UI Macros, particularly in $pwd_verify_email and $pwd_verify_personal_data_ui.
References (1)
Scores
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X