CVE-2025-71257 is a CVSS 9.8 missing authentication flaw in BMC FootPrints ITSM spanning four years of releases (versions 20.20.02 through 20.24.01.001), allowing unauthenticated remote access to read and modify all ITSM data. CISA KEV confirms active in-the-wild exploitation, making this an emergency patch event. Immediately restrict network access to FootPrints REST API and servlet endpoints, apply the BMC-issued hotfix for your specific version from BMC Support, and audit all ITSM data for unauthorized changes during the exposure window.