Server-Side Request Forgery Vulnerability in BMC FootPrints ITSM
CVE-2025-71259
5.3MEDIUM
Key Information:
- Vendor
Bmc Software, Inc.
- Status
- Vendor
- CVE Published:
- 19 March 2026
Badges
๐พ Exploit Exists๐ฃ EPSS 12%
What is CVE-2025-71259?
A blind server-side request forgery vulnerability in BMC FootPrints ITSM enables authenticated attackers to initiate unauthorized outbound requests from the server. This flaw stems from the inadequate validation of resource references supplied from external sources, allowing attackers to interact with internal services and potentially exhaust resources, affecting system availability. The issue is particularly prominent in versions 20.20.02 to 20.24.01. Users are advised to update to patched versions to mitigate risks.
Affected Version(s)
FootPrints 20.20.02 <= 20.24.01.001
References
EPSS Score
12% chance of being exploited in the next 30 days.
CVSS V4
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Sonny of watchTowr
