CVE-2025-71257 (CVSS 9.8) is an authentication bypass in BMC FootPrints ITSM affecting versions 20.20.02 through 20.24.01.001, where security filters are not enforced on protected REST API endpoints, allowing unauthenticated remote attackers to access and modify ITSM data. CISA has confirmed active exploitation and added the vulnerability to KEV; BMC has released hotfixes for all affected version branches. Apply the appropriate hotfix via BMC Support immediately and restrict network access to the FootPrints interface to internal networks only.
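To prioritize the hotfix and network-restriction steps above across several instances, the following added example (not code from BMC or CISA) triages an inventory by the affected version range and by whether the allowed source networks are internal-only. Assumptions: the inventory format, host names and version strings are constructed; "internal" is taken to mean RFC 1918 IPv4 space; the check judges by version string alone, so hotfix status on a flagged host still has to be confirmed by hand.

```python
import ipaddress

# Affected range as stated in the advisory (inclusive on both ends).
AFFECTED_MIN = "20.20.02"
AFFECTED_MAX = "20.24.01.001"
# Assumption: "internal" means RFC 1918 space; adjust to your own address plan.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_version(text):
    """Turn '20.24.01.001' into (20, 24, 1, 1), padding short versions with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(version):
    """True if the version falls inside the advisory's affected range."""
    lo, hi = parse_version(AFFECTED_MIN), parse_version(AFFECTED_MAX)
    return lo <= parse_version(version) <= hi

def is_internal_only(allowed_sources):
    """True only if every allowed source CIDR sits inside an internal range."""
    nets = [ipaddress.ip_network(c) for c in allowed_sources]
    return bool(nets) and all(any(n.subnet_of(i) for i in INTERNAL) for n in nets)

def triage(inventory):
    """Return (host, priority) pairs, most urgent first."""
    rank = {"P1": 0, "P2": 1, "OK": 2}
    results = []
    for host in inventory:
        if not is_affected(host["version"]):
            priority = "OK"   # outside the affected range
        elif is_internal_only(host["allowed_sources"]):
            priority = "P2"   # affected, internal-only: hotfix still required
        else:
            priority = "P1"   # affected and reachable from non-internal sources
        results.append((host["name"], priority))
    return sorted(results, key=lambda r: rank[r[1]])

# Constructed inventory for illustration; hosts and versions are not real.
SAMPLE = [
    {"name": "itsm-lab-01", "version": "20.24.01.002", "allowed_sources": ["192.168.50.0/24"]},
    {"name": "itsm-dr-01", "version": "20.20.02", "allowed_sources": ["10.20.0.0/16"]},
    {"name": "itsm-prod-01", "version": "20.23.01", "allowed_sources": ["0.0.0.0/0"]},
    {"name": "itsm-old-01", "version": "20.19.05", "allowed_sources": ["0.0.0.0/0"]},
]

if __name__ == "__main__":
    for name, priority in triage(SAMPLE):
        print(f"{priority:3} {name}")
```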