ESRI ArcGIS Server
cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*
- <= 11.3
A path traversal vulnerability has been identified in Esri ArcGIS Server versions 11.3 and prior. This vulnerability allows remote authenticated attackers with admin privileges to traverse the file system and access files outside of the intended directory. While there is no impact on integrity or availability, the vulnerability poses a significant risk to confidentiality.
Exploitation of this vulnerability could lead to unauthorized access to sensitive files, potentially exposing confidential information.
Esri has released a security patch for this vulnerability as part of the ArcGIS Server Security 2025 Update 1 Patch. This patch should be applied immediately to all ArcGIS Server machines, whether on Windows or Linux, that are part of an ArcGIS Enterprise Site or Standalone deployment. The patch is available through the Esri Support website.