CVE-2025-71258

MEDIUM NUCLEI

BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in searchWeb

Title source: cna

Description

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to perform internal network scanning or interact with internal services, impacting system availability. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.

Nuclei Templates (1)

BMC FootPrints 'searchWeb' - Server-Side Request Forgery

HIGHVERIFIEDby watchTowr,DhiyaneshDk

Shodan: html:"BMC Software"

FOFA: body="/footprints/servicedesk/"

References (3)

[Patch] https://docs.bmc.com/xwiki/bin/view/More-Products/Footprints/FootPrints/fp2024/Release-notes/2024-Release-01-Patch-2/

[Exploit] https://labs.watchtowr.com/thanks-itsms-threat-actors-have-never-been-so-organized-bmc-footprints-pre-auth-remote-code-execution-chains/

[Third Party Advisory] https://www.vulncheck.com/advisories/bmc-footprints-itsm-blind-ssrf-in-searchweb

Scores

CVSS v3 4.3

EPSS 0.0229

EPSS Percentile 84.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-918

Status published

Products (2)

bmc/footprints_itsm 20.20.02 - 20.24.01.001

BMC Software, Inc./FootPrints 20.20.02 - 20.24.01.001

Published Mar 19, 2026

Tracked Since Mar 19, 2026