momo Security Vulnerability Database

Multi-module data retrieval platform


CVE-2025-71258: BMC FootPrints 'searchWeb' - Server-Side Request Forgery

CVE: CVE-2025-71258
CNVD: None
CNNVD: None
Vulnerability type: Command execution
Severity: High
Year: 2026
POC_ID: None
Vulnerability description
BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery (SSRF) vulnerability in the /footprints/servicedesk/import/searchWeb endpoint. The 'url' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling access to internal services and bypassing firewall restrictions. This vulnerability is part of a pre-authenticated RCE chain when combined with CVE-2025-71257 (auth bypass) and CVE-2025-71260 (deserialization).

[Public]
id: CVE-2025-71258
info:
  name: BMC FootPrints 'searchWeb' - Server-Side Request Forgery
  author: watchTowr,DhiyaneshDk
  severity: high
  description: |
    BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery (SSRF) vulnerability in the /footprints/servicedesk/import/searchWeb endpoint. The 'url' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling access to internal services and bypassing firewall restrictions. This vulnerability is part of a pre-authenticated RCE chain when combined with CVE-2025-71257 (auth bypass) and CVE-2025-71260 (deserialization).
  impact: |
    Authenticated attackers ca
FOFA query
None
Affected scope
BMC FootPrints
Vulnerability details
POC: Public
Remediation advice
None