CVE-2025-71258
Blind SSRF Vulnerability in BMC FootPrints ITSM searchWeb API
Publication date: 2026-03-19
Last updated on: 2026-04-22
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bmc | footprints_itsm | From 20.20.02 (inc) to 20.24.01.001 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-71258 is a blind Server-Side Request Forgery (SSRF) vulnerability affecting BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001. It exists in the searchWeb API component, where improper URL validation allows authenticated attackers to make the server initiate arbitrary outbound requests.
This flaw can be exploited to perform internal network scanning or interact with internal services that are normally inaccessible, potentially impacting system availability.
The vulnerability is part of a chain of issues that includes authentication bypass and deserialization vulnerabilities, which together can lead to remote code execution on the server.
How can this vulnerability impact me?
This vulnerability allows attackers to cause the affected server to make unauthorized outbound requests, which can be used to scan internal networks or interact with internal services.
Such actions can disrupt system availability and potentially expose sensitive internal resources.
Moreover, when combined with related vulnerabilities like authentication bypass and deserialization of untrusted data, it can lead to remote code execution, allowing attackers to execute arbitrary code on the server without authentication.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability CVE-2025-71258 affects the searchWeb API component of BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001, allowing authenticated attackers to cause the server to initiate arbitrary outbound requests due to improper URL validation.
Detection would involve monitoring for unusual outbound HTTP requests initiated by the FootPrints server, especially those targeting internal network addresses or unexpected external endpoints.
Since the vulnerability requires authentication and exploits the searchWeb API, commands or scripts could be used to test the API endpoints for SSRF behavior by sending crafted requests that attempt to trigger outbound connections.
However, no specific detection commands or scripts are provided in the available resources.
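The answer above describes the detection approach (watching outbound HTTP requests from the FootPrints server to internal addresses or unexpected external endpoints) but gives no concrete check. The following is an added example, not code from the page or from BMC, of how a defender could run that check over egress firewall or forward-proxy logs. The key=value log format, the FootPrints server address (10.0.5.20), the approved external destination and the sample lines are all constructed assumptions; adapt the regular expression and the address sets to your own environment. Beyond the single-request case, it also flags a burst of distinct internal destinations from the application server, which is the pattern an SSRF-driven internal scan leaves behind.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample egress log lines in an assumed "key=value" firewall/proxy
# format. These are illustrative, not BMC FootPrints' or any vendor's real logs.
SAMPLE_LOG = """\
2026-03-20T10:00:01Z src=10.0.5.20 dst=203.0.113.10 dport=443 url=https://updates.example.test/feed
2026-03-20T10:00:02Z src=10.0.5.20 dst=10.0.5.30 dport=80 url=http://10.0.5.30/
2026-03-20T10:00:02Z src=10.0.5.20 dst=10.0.5.31 dport=80 url=http://10.0.5.31/
2026-03-20T10:00:03Z src=10.0.5.20 dst=10.0.5.32 dport=8080 url=http://10.0.5.32:8080/
2026-03-20T10:00:03Z src=10.0.5.20 dst=169.254.169.254 dport=80 url=http://169.254.169.254/latest/meta-data/
2026-03-20T10:00:04Z src=10.0.5.20 dst=198.51.100.7 dport=80 url=http://198.51.100.7/collect
2026-03-20T10:00:05Z src=10.0.9.9 dst=10.0.5.30 dport=80 url=http://10.0.5.30/
"""

FOOTPRINTS_HOSTS = {"10.0.5.20"}      # assumed: address(es) of the FootPrints application server
ALLOWED_EXTERNAL = {"203.0.113.10"}   # assumed: external destinations the server legitimately contacts
SCAN_THRESHOLD = 3                    # distinct internal (dst, port) pairs that suggest scanning

# Explicit internal ranges (RFC 1918, loopback, link-local, ULA) rather than
# ipaddress.is_private, which also treats documentation ranges as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]
METADATA_IP = ipaddress.ip_address("169.254.169.254")  # cloud instance metadata endpoint

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) url=(?P<url>\S+)$"
)


def classify_destination(dst):
    """Return 'metadata', 'internal', 'allowed' or 'external' for a destination literal."""
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        # Hostname rather than IP literal: only allow-listed names are trusted.
        return "allowed" if dst in ALLOWED_EXTERNAL else "external"
    if ip == METADATA_IP:
        return "metadata"
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    if dst in ALLOWED_EXTERNAL:
        return "allowed"
    return "external"


def analyse(log_text, footprints_hosts=FOOTPRINTS_HOSTS):
    """Flag outbound requests from the FootPrints server that fit the SSRF pattern."""
    findings = []
    internal_targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Ignore malformed lines and traffic that did not originate at the app server.
        if not m or m["src"] not in footprints_hosts:
            continue
        kind = classify_destination(m["dst"])
        if kind == "allowed":
            continue
        if kind == "internal":
            internal_targets[m["src"]].add((m["dst"], m["dport"]))
        findings.append({
            "ts": m["ts"], "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]), "url": m["url"], "reason": kind,
        })
    # Many distinct internal destinations from one app server in the log window
    # is the signature of SSRF being used for internal network scanning.
    for src, targets in internal_targets.items():
        if len(targets) >= SCAN_THRESHOLD:
            findings.append({
                "ts": None, "src": src, "dst": None, "dport": None, "url": None,
                "reason": "possible-internal-scan", "count": len(targets),
            })
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f)
```

In practice, feed the function the egress logs for the FootPrints host only and review every `metadata`, `internal` and `possible-internal-scan` finding; the `external` class is noisy until the allow list reflects what the server is actually expected to reach (update servers, mail relays, integration endpoints). Requests from other sources to the same internal hosts, such as the last sample line, are deliberately ignored because the signal for this CVE is the application server itself originating the request.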
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the official hotfixes released by BMC for the affected versions of FootPrints ITSM.
- Upgrade to one of the patched versions: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, or 20.24.01.
- Restrict access to the searchWeb API component to trusted authenticated users only.
- Monitor and audit outbound requests from the FootPrints server to detect any suspicious activity.
Since the vulnerability is part of a chain involving authentication bypass and deserialization issues, ensure that all related vulnerabilities are addressed by applying all relevant patches.