CVE-2025-71257 PoC — BMC FootPrints 访问控制错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-71257.yaml

Associated Vulnerability

Title:BMC FootPrints 访问控制错误漏洞 (CVE-2025-71257)
Description:BMC FootPrints是美国BMC公司的一个IT服务管理与工单跟踪系统。 BMC FootPrints 20.24.01.001及之前版本存在访问控制错误漏洞，该漏洞源于对受限REST API端点和servlet的安全过滤器执行不当，可能导致未经验证的远程攻击者绕过访问控制，获取未经授权的应用程序数据访问权限并修改系统资源。

Description

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability in the password reset functionality. Unauthenticated attackers can access the /footprints/servicedesk/passwordreset/request/ endpoint to obtain a valid SEC_TOKEN session cookie without proper authentication. This vulnerability enables exploitation of other vulnerabilities in the chain including CVE-2025-71258 and CVE-2025-71259 (SSRF) and CVE-2025-71260 (deserialization RCE).

File Snapshot


 id: CVE-2025-71257

info:
  name: BMC FootPrints - Authentication Bypass
  author: watchTowr,Dhiyane

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!