CVE-2025-71259 PoC — BMC FootPrints Code Issue Vulnerability

Associated Vulnerability
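Title: BMC FootPrints Code Issue Vulnerability (CVE-2025-71259)
Description: BMC FootPrints is an IT service management and ticket tracking system from BMC, a US company. BMC FootPrints 20.24.01.001 and earlier versions contain a code issue vulnerability. It stems from a blind server-side request forgery in the externalfeed/RSS API component and insufficient validation of externally supplied resource references, which may allow an authenticated attacker to interact with internal services or cause resource exhaustion, affecting availability.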
Description
BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery (SSRF) vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling access to internal services and bypassing firewall restrictions. This vulnerability is part of a pre-authenticated RCE chain when combined with CVE-2025-71257 (auth bypass) and CVE-2025-71260 (deserialization).
File Snapshot

id: CVE-2025-71259 info: name: BMC FootPrints 'feedUrl' - Server-Side Request Forgery author: w ...