CVE-2025-71260 PoC — BMC FootPrints 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2025/CVE-2025-71260.yaml

Associated Vulnerability

Title:BMC FootPrints 代码问题漏洞 (CVE-2025-71260)
Description:BMC FootPrints是美国BMC公司的一个IT服务管理与工单跟踪系统。 BMC FootPrints 20.24.01.001及之前版本存在代码问题漏洞，该漏洞源于ASP.NET servlet的VIEWSTATE处理存在不受信任数据反序列化，可能导致经过身份验证的攻击者通过特制序列化对象执行任意代码，完全控制应用程序。

Description

BMC FootPrints Asset Core is vulnerable to pre-authentication remote code execution via Java deserialization in the aspnetconfig endpoint.

File Snapshot


 id: CVE-2025-71260

info:
  name: BMC FootPrints - Deserialization of Untrusted Data (RCE)
  author:

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!