Esri ArcGIS Pro
cpe:2.3:a:esri:arcgis_pro:*:*:*:*:*:*:*
- 3.4
- 3.3
An untrusted search path vulnerability exists in Esri ArcGIS Pro versions 3.3 and 3.4. A low-privileged attacker with write access to the local file system may be able to place a malicious executable on the system. If the victim subsequently performs a certain action within ArcGIS Pro, that executable could run and execute harmful commands, potentially under the victim's user context.
Exploitation of this vulnerability could lead to the execution of malicious code, allowing an attacker to run harmful commands on the affected system, potentially under the context of the user.
Users can upgrade to ArcGIS Pro 3.4.1 or 3.3.3.4. These patches are available through the ArcGIS Pro patch notification tool or can be downloaded from My Esri.