CVE-2025-71258 Scanner - Server-Side Request Forgery (SSRF) vulnerability in BMC FootPrints
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 23 days 8 hours
Scan only one: Domain, Subdomain, IPv4
BMC FootPrints is a popular service desk and customer service management software that is often used by businesses to streamline customer service operations. IT departments and helpdesk teams rely on it to manage, track, and report on customer service requests and issues. The software is designed to improve efficiency by automating workflows and providing a centralized hub for information management. It is widely used in enterprises to facilitate multi-departmental collaboration. The use of BMC FootPrints can enhance customer satisfaction by ensuring timely responses to service requests. Overall, BMC FootPrints supports the efficient and secure management of service requests across a variety of industries.
The detected vulnerability is a Server-Side Request Forgery (SSRF) that allows unauthenticated attackers to exploit the /footprints/servicedesk/import/searchWeb endpoint. By leveraging the vulnerability, attackers can force the server to make HTTP requests to arbitrary URLs. Because those requests originate from the server itself, they bypass firewall restrictions and put internal services at risk of compromise. This SSRF is part of a broader pre-authentication remote code execution chain, which combines it with other vulnerabilities such as authentication bypass and deserialization flaws. It represents a critical risk as it provides an avenue for further exploitation.
The technical details of the vulnerability revolve around the 'url' parameter of the /footprints/servicedesk/import/searchWeb endpoint. An attacker can manipulate this parameter to make the server send arbitrary requests. Due to inadequate validation, the server processes attacker-supplied input without restriction and issues requests to internal or external endpoints. This gap in URL validation becomes more serious when combined with additional vulnerabilities such as CVE-2025-71257 and CVE-2025-71260, which allows complex attack chains that carry significant risk if left unpatched. The endpoint thus acts as a gateway for potential unauthorized access.
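For asset owners who want to check their own web logs for use of this endpoint, the following is an added example (not the scanner's or BMC's code) that triages requests to it by where the 'url' value points. It assumes a combined-format access log with the parameter in the query string; the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter name come from the advisory text; matched case-insensitively.
ENDPOINT = "/footprints/servicedesk/import/searchweb"
PARAM = "url"
# Assumption: combined-format access log, parameter carried in the query string.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /footprints/servicedesk/import/searchWeb?url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2026:10:00:02 +0000] "GET /footprints/servicedesk/import/searchWeb?url=http://10.0.0.5/status HTTP/1.1" 200 128',
    '198.51.100.9 - - [01/Jan/2026:10:05:00 +0000] "GET /footprints/servicedesk/import/searchWeb?url=https://www.example.com/ HTTP/1.1" 200 2048',
    '198.51.100.9 - - [01/Jan/2026:10:06:00 +0000] "GET /footprints/index.html HTTP/1.1" 200 900',
]

def classify_destination(value):
    """Label a url= value as 'internal', 'external', 'non-http' or 'malformed'."""
    try:
        parts = urlsplit(value)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "malformed"
    if parts.scheme.lower() not in ("http", "https"):
        return "non-http"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: localhost and single-label names stay inside the network.
        return "internal" if host == "localhost" or "." not in host else "external"
    return "external" if ip.is_global else "internal"

def scan(lines):
    """Return (client, status, destination, verdict) for every hit on the endpoint."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        target = urlsplit(m["target"])
        if target.path.rstrip("/").lower() != ENDPOINT:
            continue
        for dest in parse_qs(target.query).get(PARAM, []):
            findings.append((m["client"], int(m["status"]), dest, classify_destination(dest)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The classifier works on the literal host only, so a public-looking hostname that resolves to an internal address is labelled external; treat every hit on this endpoint from an unexpected client as worth review.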
When exploited, the vulnerability can lead to multiple adverse effects affecting the target system and network. Attackers may gain unauthorized access to sensitive data housed within the internal network by bypassing protective firewalls. There is a potential degradation of system availability if the SSRF facilitates a denial of service by overloading network resources. Moreover, the ability of attackers to interact with internal services can lead to the extraction of confidential information or unauthorized adjustments in service configurations. These consequences necessitate the prioritization of mitigation strategies to safeguard affected systems.