CVE-2025-71259: CWE-918 Server-Side Request Forgery (SSRF) in BMC Software, Inc. FootPrints
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of externally supplied resource references to interact with internal services or cause resource exhaustion impacting availability. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.
AI Analysis
Technical Summary
CVE-2025-71259 is a server-side request forgery vulnerability (CWE-918) in BMC Software's FootPrints IT Service Management (ITSM) product. It resides in the externalfeed/RSS API component of FootPrints versions 20.20.02 through 20.24.01.001. An authenticated user (the advisory does not state which role is required) can supply a feed URL that the server fetches without adequate validation of the supplied resource reference, so the FootPrints host can be pointed at hosts it can reach but the attacker cannot: loopback services, hosts on the server's internal network segments and, where present, management interfaces or cloud metadata endpoints. The SSRF is blind: the fetched response is not returned to the attacker, so the endpoint cannot be used to read data directly, but whether a target host and port exist can be inferred from timing, error behaviour or side effects on the target. The same outbound fetch can be aimed at slow or oversized resources, or repeated in volume, to exhaust server resources and degrade availability. No user interaction is required. Direct confidentiality and integrity impact is therefore limited; the practical impact is on availability and on the exposure of the internal network behind the ITSM server. BMC has released hotfixes for each affected release line, and no public exploit had been reported at the time of writing.
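The validation the analysis says the component lacks, shown as an added Python example that is not BMC FootPrints code and does not reflect how FootPrints implements its feed fetcher. It shows what a server-side feed fetcher has to check before requesting a user-supplied URL: scheme and port allowlist, no embedded credentials, DNS resolution with every returned address tested against loopback, private, link-local (which covers the 169.254.169.254 metadata address) and other non-public ranges, re-validation on every redirect hop with a hop cap, and timeout plus body-size caps against resource exhaustion. The names FeedUrlRejected, validate_feed_url, fetch_feed and the injectable resolver and transport hooks are assumptions made for this example.

```python
"""SSRF-hardened feed fetcher. Added example, not BMC FootPrints code.
validate_feed_url / fetch_feed and the resolver and transport hooks are
assumed names for this illustration."""
import ipaddress
import socket
import urllib.error
import urllib.request
from typing import Callable, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {None, 80, 443}      # None = scheme default
MAX_REDIRECTS = 3
FETCH_TIMEOUT_SECONDS = 5
MAX_FEED_BYTES = 1_000_000

Resolver = Callable[[str], List[str]]
# transport(url, timeout) -> (HTTP status, Location header or None, body)
Transport = Callable[[str, int], Tuple[int, Optional[str], bytes]]


class FeedUrlRejected(ValueError):
    """Raised for any URL the fetcher refuses to request."""


def resolve_all(host: str) -> List[str]:
    """Real resolver: every A/AAAA record for host. Tests inject a fake."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_forbidden_address(ip_text: str) -> bool:
    """True for any address a server-side fetcher must never contact."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped          # ::ffff:10.0.0.5 is an IPv4 host in disguise
    return (not ip.is_global or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def validate_feed_url(url: str, resolver: Resolver = resolve_all) -> str:
    """Return the hostname if url may be fetched, else raise FeedUrlRejected."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise FeedUrlRejected(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise FeedUrlRejected("credentials embedded in URL")
    host = parts.hostname
    if not host:
        raise FeedUrlRejected("missing host")
    try:
        port = parts.port
    except ValueError as exc:
        raise FeedUrlRejected("malformed port") from exc
    if port not in ALLOWED_PORTS:
        raise FeedUrlRejected(f"port not allowed: {port}")
    # Literal IPs are checked directly; names are resolved and EVERY record
    # must pass, so a name mixing public and private answers is refused.
    try:
        addresses = [host] if _is_ip_literal(host) else resolver(host)
    except socket.gaierror as exc:
        raise FeedUrlRejected(f"cannot resolve {host}") from exc
    if not addresses:
        raise FeedUrlRejected(f"no addresses for {host}")
    for addr in addresses:
        if is_forbidden_address(addr):
            raise FeedUrlRejected(f"{host} maps to non-public address {addr}")
    return host


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None   # surface 3xx to the caller instead of auto-following


def urllib_transport(url: str, timeout: int) -> Tuple[int, Optional[str], bytes]:
    """One HTTP request with a timeout; a redirect is returned, not followed."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, None, resp.read(MAX_FEED_BYTES + 1)
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), b""


def fetch_feed(url: str, transport: Transport = urllib_transport,
               resolver: Resolver = resolve_all) -> bytes:
    """Fetch url, re-validating the destination on every redirect hop."""
    current = url
    for _ in range(MAX_REDIRECTS + 1):
        validate_feed_url(current, resolver)
        status, location, body = transport(current, FETCH_TIMEOUT_SECONDS)
        if status in (301, 302, 303, 307, 308):
            if not location:
                raise FeedUrlRejected("redirect without Location")
            current = urljoin(current, location)   # relative Location allowed
            continue
        if len(body) > MAX_FEED_BYTES:
            raise FeedUrlRejected("feed larger than MAX_FEED_BYTES")
        return body
    raise FeedUrlRejected(f"more than {MAX_REDIRECTS} redirects")
```

Two caveats a practitioner should keep in mind. First, validate_feed_url resolves the name and then the HTTP client resolves it again, so a DNS-rebinding attacker can still swap a public answer for a private one between the two lookups; a production fetcher should connect to the address it validated (passing the original name in the Host header and TLS SNI) or pin the resolved address for the life of the request. Second, the size cap here is applied after the body is read up to MAX_FEED_BYTES + 1 with a single timeout; against a deliberately slow server you also need an overall deadline, not just a per-socket timeout.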
Potential Impact
The primary impact of CVE-2025-71259 is that an attacker can use the FootPrints server as a pivot to interact with internal services that are otherwise unreachable from outside, which supports internal reconnaissance and may enable lateral movement within the organization's network. The same mechanism can be used to exhaust resources on the FootPrints server, degrading or denying the ITSM service that organizations depend on for day-to-day operations. Because exploitation requires an authenticated account, the realistic actors are insiders and attackers holding compromised or self-registered FootPrints credentials. The blind nature of the flaw limits direct data exfiltration and so reduces the confidentiality impact, but reachability of internal systems from an application server is a significant risk in segmented or sensitive environments, where the ITSM host often sits on a network with broad internal access. Organizations running affected FootPrints versions should therefore expect operational disruption and an elevated risk of internal compromise if the vulnerability is exploited.
Mitigation Recommendations
Organizations should promptly apply the official BMC hotfix for their FootPrints ITSM release line; this is the only change that removes the flaw. Until then, and as defence in depth afterwards, restrict the FootPrints server's outbound connectivity with egress firewall or proxy rules so that it can reach only the destinations it legitimately needs; this is the structural control against SSRF because it denies the server the ability to reach internal hosts or arbitrary external ones regardless of what the application accepts. Limit who can create or edit external feed configurations to the smallest set of administrators, since the vulnerable functionality is reachable only by authenticated users. Log outbound connections from the FootPrints host and review them for requests to loopback, private, link-local or metadata addresses and for bursts of fetches tied to one account, and correlate those with the application's audit trail of which user configured the feed. Enforce strong authentication and access controls so that low-privilege accounts are harder to compromise or abuse. A web application firewall with SSRF rules on the externalfeed/RSS API endpoints can catch crude attempts that name an internal IP literally, but it is readily bypassed with DNS names that resolve internally or with redirects from an attacker-controlled host, so treat it as a detection aid rather than a mitigation. Review policies on internal service exposure and outbound traffic from critical servers, and verify the mitigations through internal penetration testing that specifically attempts to reach internal hosts through the feed functionality.
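The monitoring step above, made concrete as an added Python example that is not BMC or OffSeq code. The log format (a timestamp followed by src=, dst=, dport=, user= and uri= fields) and every line in SAMPLE_LOG and BURST_LOG are constructed for this example; the parser should be adapted to whatever egress firewall or proxy actually records the FootPrints server's outbound connections. The triage flags the three traces a blind SSRF in a feed-fetching endpoint leaves behind: any request to a non-public address, one account reaching several distinct internal destinations within a short window (reconnaissance), and a burst of fetches from one account (the resource-exhaustion case).

```python
"""Outbound-connection log triage for an ITSM application host.
Added example, not BMC or OffSeq code; log format and sample lines are
constructed for this illustration."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL_SCAN_THRESHOLD = 3   # distinct non-public destinations per user per window
BURST_THRESHOLD = 25          # requests per user per window
WINDOW = timedelta(minutes=1)

# Constructed sample: a benign feed refresh by a service account, one user
# probing SSH on consecutive internal hosts and then the metadata address,
# and a second benign refresh.
SAMPLE_LOG = """\
2026-03-19T13:01:02Z src=10.20.0.15 dst=93.184.216.34 dport=443 user=svc-feeds uri=https://feeds.example.com/rss.xml
2026-03-19T13:05:10Z src=10.20.0.15 dst=10.20.1.5 dport=22 user=jdoe uri=http://10.20.1.5:22/
2026-03-19T13:05:11Z src=10.20.0.15 dst=10.20.1.6 dport=22 user=jdoe uri=http://10.20.1.6:22/
2026-03-19T13:05:12Z src=10.20.0.15 dst=10.20.1.7 dport=22 user=jdoe uri=http://10.20.1.7:22/
2026-03-19T13:05:13Z src=10.20.0.15 dst=10.20.1.8 dport=22 user=jdoe uri=http://10.20.1.8:22/
2026-03-19T13:05:20Z src=10.20.0.15 dst=169.254.169.254 dport=80 user=jdoe uri=http://169.254.169.254/latest/meta-data/
2026-03-19T13:10:00Z src=10.20.0.15 dst=93.184.216.34 dport=443 user=svc-feeds uri=https://feeds.example.com/rss.xml
"""
# Constructed burst: 40 fetches of one public URL by a single account in 40 seconds.
BURST_LOG = "\n".join(
    f"2026-03-19T13:20:{sec:02d}Z src=10.20.0.15 dst=104.16.0.1 dport=443 "
    f"user=mallory uri=https://slow.example.net/feed"
    for sec in range(40))


def parse_line(line):
    """'<ts> key=value ...' -> dict with a datetime under 'ts'."""
    ts_text, *fields = line.split()
    rec = dict(field.split("=", 1) for field in fields)
    rec["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def is_non_public(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return not ip.is_global or ip.is_loopback or ip.is_link_local


def triage(log_text):
    """Return findings keyed by signal name; each entry is (user, detail)."""
    records = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                     key=lambda r: r["ts"])
    findings = {"internal-target": [], "internal-scan": [], "burst": []}
    per_user = defaultdict(list)
    for rec in records:
        if is_non_public(rec["dst"]):
            findings["internal-target"].append((rec["user"], rec["dst"]))
        per_user[rec["user"]].append(rec)
    for user, recs in per_user.items():
        max_internal, max_count, start = 0, 0, 0
        for end in range(len(recs)):          # sliding one-minute window
            while recs[end]["ts"] - recs[start]["ts"] > WINDOW:
                start += 1
            window = recs[start:end + 1]
            max_count = max(max_count, len(window))
            max_internal = max(max_internal, len(
                {r["dst"] for r in window if is_non_public(r["dst"])}))
        if max_internal >= INTERNAL_SCAN_THRESHOLD:
            findings["internal-scan"].append((user, max_internal))
        if max_count >= BURST_THRESHOLD:
            findings["burst"].append((user, max_count))
    return findings


if __name__ == "__main__":
    for signal, hits in triage(SAMPLE_LOG + BURST_LOG).items():
        print(signal, hits)
```

The thresholds are starting points, not tuned values: a legitimate feed refresh hits a handful of public hosts on a schedule, so any non-public destination from the application host is worth a ticket on its own, while the scan and burst thresholds should be set just above what the scheduled fetcher produces in your environment.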
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, India, Netherlands, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-03-02T15:04:45.927Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69bc0011e32a4fbe5fc6a5cf
Added to database: 3/19/2026, 1:54:25 PM
Last enriched: 3/19/2026, 2:09:12 PM
Last updated: 3/20/2026, 5:17:19 AM