Esri Portal for ArcGIS
cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*
- <= 11.4
A vulnerability allowing unvalidated redirects has been identified in Esri Portal for ArcGIS versions 11.4 and prior. This issue may enable a remote, unauthenticated attacker to create a URL that redirects a victim to an arbitrary website, potentially facilitating phishing attacks.
Successful exploitation could redirect victims to malicious websites, enabling phishing attacks.
Esri has released a security patch for this vulnerability as part of the Portal for ArcGIS Security 2025 Update 3 Patch. This patch is cumulative and includes all fixes from previous updates. Instructions for applying the patch are available on the Esri Support website.