Esri Portal for ArcGIS Hardcoded Credential Vulnerability Allowing Administrative Access

Vulnerability

A hardcoded credential vulnerability has been identified in Esri Portal for ArcGIS versions 11.4 and prior. This vulnerability arises from a specific deployment pattern that may enable a remote authenticated attacker to gain administrative access to the system.

Impact

Exploitation of this vulnerability could lead to unauthorized administrative access on the affected Portal for ArcGIS instance.

Remediation

Esri has released a security patch for this vulnerability as part of the Portal for ArcGIS Security 2025 Update 1 Patch. This patch should be applied immediately to all Portal for ArcGIS machines that are part of an ArcGIS Enterprise Site. The patch is available through the Esri Support website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 5.0
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.