CVE-2025-71260

HIGH NUCLEI

BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 VIEWSTATE Deserialization RCE

Title source: cna

Description

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE parameter to achieve remote code execution and fully compromise the application. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.

Nuclei Templates (1)

BMC FootPrints - Deserialization of Untrusted Data (RCE)

CRITICALVERIFIEDby watchTowr,DhiyaneshDk

Shodan: html:"/footprints/servicedesk/"

References (3)

[Patch] https://docs.bmc.com/xwiki/bin/view/More-Products/Footprints/FootPrints/fp2024/Release-notes/2024-Release-01-Patch-2/

[Exploit] https://labs.watchtowr.com/thanks-itsms-threat-actors-have-never-been-so-organized-bmc-footprints-pre-auth-remote-code-execution-chains/

[Third Party Advisory] https://www.vulncheck.com/advisories/bmc-footprints-itsm-viewstate-deserialization-rce

Scores

CVSS v3 8.8

EPSS 0.3230

EPSS Percentile 96.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-502

Status published

Products (2)

bmc/footprints_itsm 20.20.02 - 20.24.01.001

BMC Software, Inc./FootPrints 20.20.02 - 20.24.01.001

Published Mar 19, 2026

Tracked Since Mar 19, 2026