CVE-2025-71260 - BMC FootPrints ITSM - Remote Code Execution

Overview

BMC FootPrints ITSM 20.20.02 through 20.24.01.001 contains an insecure deserialization vulnerability in ASP.NET servlet VIEWSTATE handling, letting authenticated attackers execute arbitrary code remotely, exploit requires authentication.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Authenticated attackers can execute arbitrary code remotely, fully compromising the application.

Mitigation

Apply hotfixes 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, or 20.24.01.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Mar 19, 2026

🟠 CVE-2025-71260 - High (8.8) BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply cr... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71260/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Mar 19, 2026

🟠 CVE-2025-71260 - High (8.8) BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply cr... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71260/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

GitHub Repositories(1 repo)

https://github.com/watchtowrlabs/watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260

CVE-2025-71260 - Vulnerability Analysis

Overview

Severity & Score

Impact

Mitigation

References

Social Media Activity(2 posts)

GitHub Repositories(1 repo)

Related Resources

Details

CWE

CVSS Metrics

EPSS Score