Deserialization Vulnerability Affecting BMC FootPrints ITSM
CVE-2025-71260
8.7 HIGH
Key Information:
- Vendor: BMC Software, Inc.
- Status
- Vendor
- CVE Published: 19 March 2026
Badges
Exploit Exists, EPSS 34%
What is CVE-2025-71260?
The BMC FootPrints ITSM application contains a deserialization vulnerability in its ASP.NET VIEWSTATE handling that is exploitable by authenticated users. By supplying specially crafted serialized objects through the VIEWSTATE parameter, an attacker can execute arbitrary code, leading to a complete compromise of the application. Users operating affected versions should apply the available hotfixes to mitigate the risk.
Affected Version(s)
FootPrints 20.20.02 <= 20.24.01.001
EPSS Score
34% chance of being exploited in the next 30 days.
CVSS V4
- Score: 8.7
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Attack Required: None
- Privileges Required: Undefined
- User Interaction: None
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
Credit
Sonny of watchTowr
