Security Advisory

CVE-2025-71260

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-19 13:45:05

Last updated 2026-05-14 02:09:01

Assigner VulnCheck

State PUBLISHED

Description

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlets VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE parameter to achieve remote code execution and fully compromise the application. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.

← Browse all CVEs View on cve.org ↗