(watchtowr.com) Pre-Authenticated Remote Code Execution Chain Discovered in BMC FootPrints ITSM PlatformwatchTowr Labs disclosed a pre authentication remote code execution chain across four vulnerabilities in BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001. The chain begins with an authentication bypass (CVE-2025-71257) that extracts a guest session token from the password reset endpoint, which is then used to reach an unsanitized Java deserialization sink (CVE-2025-71260) in the /aspnetconfig endpoint's VIEWSTATE parameter. Exploitation via the AspectJWeaver gadget chain enables arbitrary file write to the Tomcat web root, achieving full RCE. Two SSRF flaws (CVE-2025-71258, CVE-2025-71259) were also identified. BMC released hot fixes in September 2025.Source: https://labs.watchtowr.com/thanks-itsms-threat-actors-have-never-been-so-organized-bmc-footprints-pre-auth-remote-code-execution-chains/Fediverse: @watchTowr #Cybersecurity #VulnerabilityResearch #Vulnerability #PoC