VYPR
Medium severity4.3NVD Advisory· Published Mar 19, 2026· Updated Apr 22, 2026

CVE-2025-71259

CVE-2025-71259

Description

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of externally supplied resource references to interact with internal services or cause resource exhaustion impacting availability. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:bmc:footprints_itsm:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:bmc:footprints_itsm:*:*:*:*:*:*:*:*range: >=20.20.02,<=20.24.01.001
    • (no CPE)range: >=20.20.02 <=20.24.01.001

Patches

Vulnerability mechanics

References

3

News mentions

1