
"Four security flaws (CVE-2025-71257, CVE-2025-71258, CVE-2025-71259, and CVE-2025-71260) have been disclosed in BMC FootPrints, a widely deployed ITSM solution, that could be chained into pre-authentication remote code execution. The attack sequence begins with an authentication bypass (CVE-2025-71257) that extracts a guest session token from the password reset endpoint, which is then used to reach an unsanitized Java deserialization sink."
"Exploitation via the AspectJWeaver gadget chain enables arbitrary file write to the Tomcat web root directory, achieving full remote code execution. Armed with the SEC_TOKEN, an attacker could also exploit two SSRF flaws and potentially leak internal data."
Four security vulnerabilities in the BMC FootPrints ITSM platform can be chained together to achieve pre-authentication remote code execution. The attack begins with an authentication bypass that extracts a guest session token from the password reset endpoint. This token grants access to an unsanitized Java deserialization sink, which can be exploited via the AspectJWeaver gadget chain to write arbitrary files to the Tomcat web root, leading to full system compromise. Additional SSRF vulnerabilities enable internal data leakage. The vulnerabilities demonstrate how seemingly minor flaws combine into critical exploits affecting widely deployed infrastructure management solutions.
#remote-code-execution #authentication-bypass #java-deserialization #itsm-security #vulnerability-chaining
Read at The Hacker News