CVE-2025-71260
Deserialization Vulnerability in BMC FootPrints ITSM Enables RCE
Publication date: 2026-03-19
Last updated on: 2026-04-22
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bmc | footprints_itsm | From 20.20.02 (inc) to 20.24.01.001 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2025-71260 is a high-severity remote code execution vulnerability affecting BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001.'}, {'type': 'paragraph', 'content': "The vulnerability arises from insecure deserialization of untrusted data in the ASP.NET servlet's VIEWSTATE parameter."}, {'type': 'paragraph', 'content': 'Authenticated attackers can exploit this by supplying crafted serialized objects to the VIEWSTATE parameter, which allows them to execute arbitrary code and fully compromise the application.'}, {'type': 'paragraph', 'content': 'The attack requires authentication but no user interaction, and it has a low attack complexity.'}] [1]
How can this vulnerability impact me? :
This vulnerability can lead to a full compromise of the affected application.
An attacker who successfully exploits it can execute arbitrary code remotely, impacting the confidentiality, integrity, and availability of the system.
Because the attack is network-based and requires only low privileges and no user interaction, it poses a significant security risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability involves deserialization of untrusted data in the ASP.NET servlet's VIEWSTATE parameter, which can be exploited by supplying crafted serialized objects. Detection typically involves monitoring for unusual or malformed VIEWSTATE parameters in HTTP requests to the BMC FootPrints ITSM application."}, {'type': 'paragraph', 'content': 'Since the vulnerability requires authentication and targets the VIEWSTATE parameter, you can detect potential exploitation attempts by inspecting web server logs or using web application firewall (WAF) rules to flag suspicious VIEWSTATE payloads.'}, {'type': 'paragraph', 'content': 'Specific commands are not provided in the available resources, but general approaches include:'}, {'type': 'list_item', 'content': 'Using network traffic capture tools (e.g., tcpdump, Wireshark) to filter HTTP POST requests containing VIEWSTATE parameters.'}, {'type': 'list_item', 'content': 'Analyzing web server logs for anomalous or unusually large VIEWSTATE values.'}, {'type': 'list_item', 'content': 'Deploying or configuring WAF rules to detect and block suspicious serialized object payloads in VIEWSTATE.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to apply the available hotfixes provided by BMC for FootPrints ITSM. The hotfixes address the vulnerability in versions 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.
Until the hotfix is applied, restrict access to the affected application to trusted users only, as the vulnerability requires authentication.
Additionally, consider implementing web application firewall (WAF) rules to detect and block malicious VIEWSTATE payloads to reduce the risk of exploitation.