CVE-2025-71257

HIGH EXPLOITED NUCLEI

BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Authentication Bypass

Title source: cna

Exploitation Summary

CVE-2025-71257 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-71257 (authentication bypass) and CVE-2025-71260 (RCE) in BMC FootPrints. The Python script automates the exploitation chain by extracting a SEC_TOKEN, bypassing authentication, and deploying a randomized JSP file to achieve remote code execution.

Description

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality and gain unauthorized access to application data and modify system resources. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.

Exploits (1)

vulncheck_xdb WORKING POC

remote

https://github.com/watchtowrlabs/watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-71257 (authentication bypass) and CVE-2025-71260 (RCE) in BMC FootPrints. The Python script automates the exploitation chain by extracting a SEC_TOKEN, bypassing authentication, and deploying a randomized JSP file to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: BMC FootPrints (versions 20.20.02 to 20.24.01.001)

No auth needed

Prerequisites: Network access to the target BMC FootPrints instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 09, 2026 Full analysis →

Nuclei Templates (1)

BMC FootPrints - Authentication Bypass

MEDIUMVERIFIEDby watchTowr,DhiyaneshDk

Shodan: html:"/footprints/servicedesk/"

FOFA: body="/footprints/servicedesk/"

References (3)

Core 3

Core References

Patch patch

https://docs.bmc.com/xwiki/bin/view/More-Products/Footprints/FootPrints/fp2024/Release-notes/2024-Release-01-Patch-2/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/bmc-footprints-itsm-authentication-bypass

Exploit technical-description exploit

https://labs.watchtowr.com/thanks-itsms-threat-actors-have-never-been-so-organized-bmc-footprints-pre-auth-remote-code-execution-chains/

Scores

CVSS v3 7.3

EPSS 0.1254

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2026-04-01

CWE

CWE-306

Status published

Products (2)

bmc/footprints_itsm 20.20.02 - 20.24.01.001

BMC Software, Inc./FootPrints 20.20.02 - 20.24.01.001

Published Mar 19, 2026

Tracked Since Mar 19, 2026