CVE-2025-71258 PoC — BMC FootPrints 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-71258.yaml

Associated Vulnerability

Title:BMC FootPrints 代码问题漏洞 (CVE-2025-71258)
Description:BMC FootPrints是美国BMC公司的一个IT服务管理与工单跟踪系统。 BMC FootPrints 20.24.01.001及之前版本存在代码问题漏洞，该漏洞源于searchWeb API组件存在盲服务端请求伪造，且URL验证不当，可能导致经过身份验证的攻击者执行内部网络扫描或与内部服务交互，影响系统可用性。

Description

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery (SSRF) vulnerability in the /footprints/servicedesk/import/searchWeb endpoint. The 'url' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling access to internal services and bypassing firewall restrictions. This vulnerability is part of a pre-authenticated RCE chain when combined with CVE-2025-71257 (auth bypass) and CVE-2025-71260 (deserialization).

File Snapshot


 id: CVE-2025-71258

info:
  name: BMC FootPrints 'searchWeb' - Server-Side Request Forgery
  author:

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!