Esri ArcGIS AllSource Untrusted Search Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Esri ArcGIS AllSource versions 1.2 and 1.3 contain an untrusted search path vulnerability. It may enable a low-privileged attacker with write access to the local file system to place a malicious executable on the system. If the victim subsequently performs a certain action within ArcGIS AllSource, the planted executable could run and execute harmful commands, potentially under the victim's user context.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of malicious code, allowing an attacker to execute commands or perform actions on the system as the victim user.

Remediation

Users can upgrade to ArcGIS AllSource 1.2.1 or 1.3.1. These patches are available through the ArcGIS AllSource patch notification tool or can be downloaded from My Esri.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 3.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.