(watchtowr.com) Pre-Authenticated Remote Code Execution Chain Discovered in BMC FootPrints ITSM Platform

watchTowr Labs disclosed a pre authentication remote code execution chain across four vulnerabilities in BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001. The chain begins with an authentication bypass (CVE-2025-71257) that extracts a guest session token from the password reset endpoint, which is then used to reach an unsanitized Java deserialization sink (CVE-2025-71260) in the /aspnetconfig endpoint's VIEWSTATE parameter. Exploitation via the AspectJWeaver gadget chain enables arbitrary file write to the Tomcat web root, achieving full RCE. Two SSRF flaws (CVE-2025-71258, CVE-2025-71259) were also identified. BMC released hot fixes in September 2025.

Source: https://labs.watchtowr.com/thanks-itsms-threat-actors-have-never-been-so-organized-bmc-footprints-pre-auth-remote-code-execution-chains/

Fediverse: @watchTowr

#Cybersecurity #VulnerabilityResearch #Vulnerability #PoC

Talking to my Indigenous friend, Jada, tomorrow. When we are back, working on creating in her art studio space. I'm going to pitch a grassroots, photo portraits, solidarity activism action idea to her. We wear some of our ethnic/cultural fashions, holding a Palestinian resistance support flag, in different environments on Vancouver Island. Every time we share those photos, we link up ways to support Palestinians, under Zionazi terrorism sieges.

#Unity #Solidarity #POC #ArtActivism #PowerThroughPortraits #PalestineSolidarity #FreePalestine

The Correctional officer finally remembers where he met Jason…
Public reward!

#GTA6 #JasonDuval #bara #gay #animation #animated #men #gaynsfw #nsfwgay #poc #black #prison #videogames #nsfwgames #hentai

The Correctional officer finally remembers where he met Jason…
Public reward!

#GTA6 #JasonDuval #bara #gay #animation #animated #men #gaynsfw #nsfwgay #poc #black #prison #videogames #nsfwgames #hentai

The Correctional officer finally remembers where he met Jason…
Public reward!

#GTA6 #JasonDuval #bara #gay #animation #animated #men #gaynsfw #nsfwgay #poc #black #prison #videogames #nsfwgames #hentai

Comunidade encontra vulnerabilidades e faz POC

Você sabia que a comunidade do Morning Crypto encontrou falhas que auditorias gigantes não tinham detectado? 😳🔥

- O que aconteceu:
• Membros da comunidade descobriram vulnerabilidades em bibliotecas e plataformas
• Fizeram a POC (prova de conceito) e provaram a falha
• Reportaram as vulnerabilidades e algumas plataformas já corrigiram ✅

- Por que isso importa:
...

#Bitcoin #Segurança #Crypto #Exploit #Vulnerabilidades #POC #MorningCrypto

The BunnyFolk have sporadic heat cycles that get in the way of everyday living. So they rent out the backrooms of the Night club and invite anyone who is willing to help them 'release' some of that pent up frustration in a healthy and productive way. Be sure to tip generously!

#nsfw #gaynsfw #gay #bara #animation #gayanimation #poc #black #bunnyFolk #rabbitfolk #sex #male #muscles #animated #sketch

The BunnyFolk have sporadic heat cycles that get in the way of everyday living. So they rent out the backrooms of the Night club and invite anyone who is willing to help them 'release' some of that pent up frustration in a healthy and productive way. Be sure to tip generously!

#nsfw #gaynsfw #gay #bara #animation #gayanimation #poc #black #bunnyFolk #rabbitfolk #sex #male #muscles #animated #sketch

The BunnyFolk have sporadic heat cycles that get in the way of everyday living. So they rent out the backrooms of the Night club and invite anyone who is willing to help them 'release' some of that pent up frustration in a healthy and productive way. Be sure to tip generously!

#nsfw #gaynsfw #gay #bara #animation #gayanimation #poc #black #bunnyFolk #rabbitfolk #sex #male #muscles #animated #sketch