Esri Portal for ArcGIS Unvalidated Redirect Vulnerability Allowing Phishing Attacks

Vulnerability

An unvalidated redirect (open redirect) vulnerability has been identified in Esri Portal for ArcGIS versions 11.4 and earlier. A remote, unauthenticated attacker can craft a URL on the portal's own hostname that, when opened, redirects the victim to an arbitrary external website. Because the link begins with the trusted portal address, it can lend credibility to phishing attacks.
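The fix for this class of bug is to validate the redirect target before it reaches the Location header. The following is an added example written for this page, not Esri's code or the patched Portal for ArcGIS logic; the allowlisted hostname, the function names and the sample inputs are constructed for illustration. It shows the unsafe "echo the parameter" pattern next to a validator that rejects the usual bypass shapes (protocol-relative URLs, backslash variants, userinfo tricks and non-http schemes).

```python
"""Redirect-target validation: the check an open-redirect fix needs.

Added example, not Esri's code. The allowlist, function names and sample
inputs below are constructed for illustration.
"""
from urllib.parse import urlsplit

# Hypothetical allowlist: hostnames a redirect may legitimately point at.
ALLOWED_HOSTS = {"portal.example.com"}


def vulnerable_redirect_location(return_url):
    """The pattern behind an unvalidated redirect: whatever the client
    supplied is echoed straight into the Location header (deliberately
    unsafe, shown for contrast)."""
    return return_url


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` is a root-relative path or an http(s)
    URL whose host is allowlisted. Anything ambiguous is rejected."""
    if not isinstance(target, str) or not target:
        return False
    # Whitespace and control characters are handled inconsistently by URL
    # parsers ("java\tscript:" and friends), so refuse them outright.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat "\" like "/" in http(s) URLs, so "/\evil.example" is
    # really "//evil.example". Normalise before parsing.
    normalised = target.replace("\\", "/")
    try:
        parts = urlsplit(normalised)
        host = (parts.hostname or "").lower()
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    scheme = parts.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return False  # javascript:, data:, vbscript:, ...
    if parts.netloc:
        # Absolute or protocol-relative URL. `hostname` strips userinfo, so
        # "https://portal.example.com@evil.example/" yields evil.example.
        return host in allowed_hosts
    # No authority present: accept only a root-relative path. "//..." and
    # "///..." would be resolved by a browser as protocol-relative URLs.
    return normalised.startswith("/") and not normalised.startswith("//")


def safe_redirect_location(return_url, allowed_hosts=ALLOWED_HOSTS, fallback="/"):
    """Hardened counterpart: fall back to a fixed local path whenever the
    requested target fails validation."""
    return return_url if is_safe_redirect(return_url, allowed_hosts) else fallback


if __name__ == "__main__":
    # Constructed sample inputs: the first two are legitimate, the rest are
    # the classic bypass shapes an attacker tries against a redirect.
    for candidate in (
        "/home/index.html",
        "https://portal.example.com/home/",
        "https://evil.example/login",
        "//evil.example/",
        "/\\evil.example/",
        "https://portal.example.com@evil.example/",
        "javascript:alert(1)",
        "https:evil.example",
    ):
        print(f"{candidate!r:48} -> {safe_redirect_location(candidate)!r}")
```

The validator compares hostnames rather than full URLs so that legitimate deep links on the portal still work, and it falls back to a fixed local path instead of raising, so a tampered link degrades to a harmless landing page rather than an error.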

Impact

Exploitation could lead to successful phishing attempts: a link that starts with the trusted portal address can deliver the victim to an attacker-controlled website. The flaw does not by itself expose the portal or its data; its value to an attacker lies in the trust users place in the portal's domain, and no authentication is needed to abuse it.

Remediation

Esri has addressed this vulnerability in the Portal for ArcGIS 2025 Update 3 security patch, which is available for download. Instructions for applying the patch can be found on the Esri Support website. Since the attack requires no authentication, Internet-facing portals should be patched first.

Added: Sep 29, 2025, 7:21 PM
Updated: Sep 29, 2025, 7:39 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.8
exploitability: 6.4
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.