CVE-2025-71260 is a deserialization of untrusted data vulnerability categorized under CWE-502, impacting BMC Software's FootPrints IT Service Management (ITSM) product. The flaw resides in the handling of the ASP.NET VIEWSTATE parameter, which is used to maintain state information between client and server. In affected versions (20.20.02 through 20.24.01.001), the application improperly deserializes data from the VIEWSTATE without sufficient validation or integrity checks, allowing an authenticated attacker to craft malicious serialized objects. When these objects are processed, they can trigger arbitrary code execution within the context of the application server. This vulnerability requires the attacker to have valid credentials (authenticated access) but does not require any additional user interaction. The impact is severe because successful exploitation leads to remote code execution, enabling attackers to fully compromise the application, potentially pivot within the network, access sensitive data, or disrupt services. BMC has released hotfixes for multiple versions to remediate the vulnerability, emphasizing the importance of applying these patches promptly. The CVSS v4.0 base score is 8.7 (high), reflecting the ease of network exploitation, lack of required user interaction, and the high impact on confidentiality, integrity, and availability. No public exploits have been reported yet, but the vulnerability's nature and severity make it a critical concern for organizations using FootPrints ITSM.

The vulnerability allows authenticated attackers to execute arbitrary code remotely, leading to full compromise of the FootPrints ITSM application. This can result in unauthorized access to sensitive IT service management data, manipulation or deletion of tickets and records, disruption of IT operations, and potential lateral movement within the affected organization's network. Given that FootPrints is often used for IT asset and service management, exploitation could undermine incident response, change management, and service continuity processes. The high severity and ease of exploitation increase the risk of targeted attacks, especially in environments where FootPrints is internet-facing or accessible by many users. Organizations could face operational downtime, data breaches, and reputational damage if the vulnerability is exploited.

Organizations should immediately identify all instances of BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 in their environment. They must apply the official hotfixes released by BMC for their specific version to remediate the vulnerability. If patching is temporarily not possible, restrict access to the FootPrints application to trusted networks and users only, enforce strong authentication controls, and monitor logs for unusual VIEWSTATE parameter usage or suspicious authenticated sessions. Implement Web Application Firewalls (WAFs) with custom rules to detect and block anomalous serialized payloads targeting VIEWSTATE. Conduct thorough security assessments and penetration testing post-patching to ensure no residual exploitation vectors remain. Additionally, educate administrators and users about the risks of deserialization vulnerabilities and maintain an incident response plan tailored to potential FootPrints compromise scenarios.