ESRI ArcGIS Server
cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*
- <= 11.3
A path traversal vulnerability has been identified in Esri ArcGIS Server versions 11.3 and prior. This vulnerability allows remote authenticated attackers with administrative privileges to traverse the file system and access files outside of the designated directory. While there is no impact on integrity or availability due to the nature of the files that can be accessed, this vulnerability poses a significant risk to confidentiality.
Exploitation of this vulnerability could lead to unauthorized access to sensitive files, potentially exposing confidential information.
Users are advised to update to ArcGIS Server Security 2025 Update 1, which is available through the Esri Support website. This patch should be applied immediately to all ArcGIS Server machines that are part of an ArcGIS Enterprise Site or Standalone deployment.