CVE-2025-71257: CWE-306 Missing Authentication for Critical Function in BMC Software, Inc. FootPrints
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality and gain unauthorized access to application data and modify system resources. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.
AI Analysis
Technical Summary
CVE-2025-71257 is a missing-authentication-for-critical-function (CWE-306) vulnerability in BMC Software's FootPrints IT Service Management (ITSM) product, affecting versions 20.20.02 through 20.24.01.001. The root cause is improper enforcement of the security filters that are supposed to gate restricted REST API endpoints and servlets: requests to those endpoints are not consistently checked for a valid session or credentials before the restricted function runs. As a result, unauthenticated remote attackers can invoke these restricted functions without any credentials, effectively bypassing access controls. That unauthorized access can expose sensitive application data and allow modification of system resources, undermining the integrity and confidentiality of the ITSM environment. Exploitation requires no user interaction, privileges, or authentication, which makes the flaw relatively easy to exploit remotely over the network. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N) reflects a network attack vector, low attack complexity, no privileges or user interaction needed, low (limited) impact on the confidentiality, integrity, and availability of the vulnerable system, and no impact on subsequent systems. BMC has issued hotfixes for multiple versions to address this vulnerability, and organizations are strongly advised to apply them. No known exploits have been reported in the wild as of now, but the nature of the flaw makes it a significant risk if left unpatched.
Potential Impact
The vulnerability allows unauthenticated attackers to bypass authentication controls and access restricted REST API endpoints, which can lead to unauthorized disclosure of sensitive ITSM data and unauthorized modification of system resources. This can compromise the confidentiality and integrity of IT service management processes, potentially disrupting IT operations and exposing sensitive organizational information. Attackers could manipulate tickets, change configurations, or access confidential data stored within FootPrints, impacting incident management, change management, and other critical ITSM workflows. The ease of exploitation without authentication increases the risk of automated attacks and widespread exploitation in environments where vulnerable versions are deployed. Organizations relying heavily on BMC FootPrints for IT service management could face operational disruptions, compliance violations, and reputational damage if this vulnerability is exploited.
Mitigation Recommendations
Organizations should immediately identify all instances of BMC FootPrints ITSM running affected versions (20.20.02 through 20.24.01.001) and apply the official hotfixes released by BMC Software. These hotfixes specifically address the authentication bypass by properly enforcing security filters on REST API endpoints and servlets. Additionally, organizations should implement network-level access controls to restrict external access to FootPrints management interfaces, such as placing them behind VPNs or firewalls limiting access to trusted IPs. Monitoring and logging API access attempts can help detect suspicious activity indicative of exploitation attempts. Regularly auditing user permissions and API endpoint configurations can further reduce risk. In environments where immediate patching is not feasible, temporarily disabling or restricting access to vulnerable API endpoints can mitigate exposure. Finally, organizations should maintain an incident response plan to quickly address any suspected compromise related to this vulnerability.
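The monitoring recommendation above can be turned into a concrete check. The following is an added example, not code from the advisory or from BMC: a small Python detector that scans access logs from a reverse proxy in front of FootPrints for the pattern this CWE-306 flaw produces, a restricted REST or servlet path answering 2xx to a request with no authenticated user and no session cookie. The log format, the restricted path prefixes, the session cookie name and the sample lines are all assumptions or constructed data; substitute the values from your own deployment.

```python
import re
from collections import Counter

# Constructed log format (assumption): combined log with the remote user field
# and the request's Cookie header appended by a reverse proxy in front of FootPrints.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<cookie>[^"]*)"$'
)

# Placeholder prefixes for restricted REST endpoints and servlets; the advisory
# does not name them, so replace these with the real paths in your deployment.
RESTRICTED_PREFIXES = ("/footprints/rest/", "/footprints/servlet/")
SESSION_COOKIE = "JSESSIONID"  # assumption: the container's session cookie name

def parse(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_unauthenticated(rec):
    # No authenticated remote user and no session cookie on the request.
    return rec["user"] == "-" and SESSION_COOKIE + "=" not in rec["cookie"]

def find_suspicious(lines):
    """Return records where a restricted path succeeded (2xx) with no sign of
    authentication. On a patched system such requests should be 401/403."""
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        if (rec["path"].startswith(RESTRICTED_PREFIXES)
                and rec["status"].startswith("2")
                and is_unauthenticated(rec)):
            hits.append(rec)
    return hits

def summarize(hits):
    # Count offending source IPs so the noisiest ones can be triaged first.
    return Counter(h["ip"] for h in hits)

# Constructed sample lines (not real traffic; documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Mar/2026:13:54:25 +0000] "GET /footprints/rest/tickets HTTP/1.1" 200 5120 "-"',
    '203.0.113.7 - - [19/Mar/2026:13:54:26 +0000] "POST /footprints/rest/config HTTP/1.1" 200 88 "-"',
    '198.51.100.4 - alice [19/Mar/2026:13:55:01 +0000] "GET /footprints/rest/tickets HTTP/1.1" 200 5120 "JSESSIONID=abc123"',
    '198.51.100.9 - - [19/Mar/2026:13:55:10 +0000] "GET /footprints/rest/tickets HTTP/1.1" 401 0 "-"',
    '198.51.100.9 - - [19/Mar/2026:13:55:12 +0000] "GET /footprints/login HTTP/1.1" 200 1024 "-"',
]

if __name__ == "__main__":
    for rec in find_suspicious(SAMPLE_LOG):
        print(rec["ip"], rec["method"], rec["path"], rec["status"])
```

Only the first two sample lines are flagged: the authenticated request, the rejected request and the public login page are ignored, so the same rule can double as a post-patch regression check.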
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, India, Netherlands, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-03-02T15:04:45.926Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69bc0011e32a4fbe5fc6a5c5
Added to database: 3/19/2026, 1:54:25 PM
Last enriched: 3/19/2026, 2:09:36 PM
Last updated: 3/20/2026, 5:17:16 AM