BMC FootPrints versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability in the password reset functionality. Unauthenticated attackers can access the /footprints/servicedesk/passwordreset/request/ endpoint to obtain a valid SEC_TOKEN session cookie without proper authentication. This vulnerability enables exploitation of other vulnerabilities in the chain including CVE-2025-71258 and CVE-2025-71259 (SSRF) and CVE-2025-71260 (deserialization RCE). [已公开] id: CVE-2025-71257 info: name: BMC FootPrints - Authentication Bypass author: watchTowr,DhiyaneshDk severity: medium description: | BMC FootPrints versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability in the password reset functionality. Unauthenticated attackers can access the /footprints/servicedesk/passwordreset/request/ endpoint to obtain a valid SEC_TOKEN session cookie without proper authentication. This vulnerability enables exploitation of other vulnerabilities in the chain including CVE-2025-71258 and CVE-2025-71259 (SSRF) and CVE-2025-71260 (deserialization RCE). impact: | Unauthenticated attackers can bypass access controls to access and modify application data a

BMC FootPrints

POC: 已公开