LeakyCreds

CVE-2025-71257 - Vulnerability Analysis

Severity: Medium | CVSS: 7.3

Last Updated: March 20, 2026

BMC FootPrints ITSM - Authentication Bypass

Published: March 19, 2026 | Updated: March 20, 2026 | PoC Available | Remote Exploitable

Overview

BMC FootPrints ITSM 20.20.02 through 20.24.01.001 contains an authentication bypass caused by improper enforcement of security filters on restricted REST API endpoints and servlets, letting unauthenticated remote attackers access and modify application data and system resources.

Severity & Score

Severity: Medium
CVSS Score: 7.3
EPSS Score: 357.9% (Probability of exploitation in the next 30 days)

Impact

Unauthenticated attackers can bypass access controls to access and modify application data and system resources.

Mitigation

Apply hotfixes 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, or 20.24.01.

Social Media Activity (1 post)

ZEN SecDB
@secdb
Mar 23, 2026

📈 CVE Published in last 7 days (2026-03-16 - 2026-03-23)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1444

Severity:
- Critical: 89
- High: 472
- Medium: 648
- Low: 83
- None: 152

Status:
- : 57
- Analyzed: 366
- Awaiting Analysis: 475
- Modified: 12
- Received: 339
- Rejected: 13
- Undergoing Analysis: 182

Top CNAs:
- GitHub, Inc.: 376
- VulnCheck: 209
- VulDB: 151
- Wordfence: 133
- MITRE: 72
- N/A: 57
- kernel.org: 45
- Patchstack: 39
- Chrome: 26
- Zero Day Initiative: 23

Top Affected Products:
- UNKNOWN: 994
- Openclaw: 79
- Google Chrome: 26
- Mattermost Server: 20
- Canva Affinity: 19
- Dlink Dns-321 Firmware: 15
- Dlink Dns-320 Firmware: 15
- Dlink Dns-345 Firmware: 15
- Dlink Dns-326 Firmware: 15
- Dlink Dns-1100-4 Firmware: 15

Top EPSS Score:
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 6.54 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
- CVE-2025-71257 - 3.58 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71257)
- CVE-2026-32596 - 2.26 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32596)
- CVE-2026-32583 - 2.09 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32583)
- CVE-2026-4497 - 1.91 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4497)
- CVE-2025-71259 - 1.87 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71259)
- CVE-2025-15060 - 1.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15060)
- CVE-2025-71258 - 1.62 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71258)
- CVE-2026-3838 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3838)


Details

CVE ID: CVE-2025-71257
Severity: Medium
CVSS Score: 7.3
Type: broken_access_control
Status: unconfirmed
EPSS: 357.9%
Nuclei: Available
Social Posts: 1

CWE

  • CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score

357.9% (Probability of exploitation in the next 30 days)

Nuclei Template

A Nuclei template is available for this CVE.