216.73.217.64

CVE-2025-71260

· Published 19/03/2026 14:16 · Modified 20/03/2026 13:39

Labels: CVE-2025-71260 2026-03-19CVE-2025-71260CWE-502[email protected]

Essential information

Published
19/03/2026 14:16
Modified
20/03/2026 13:39
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE parameter to achieve remote code execution and fully compromise the application. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
bmc / footprints itsm cpe:2.3:a:bmc:footprints_itsm:20.20.02-20.24.01.001:*:*:*:*:*:*:*

References