Esri ArcGIS Server Unrestricted File Upload Vulnerability

Vulnerability

A vulnerability exists in Esri ArcGIS Server versions 11.5 and earlier on both Windows and Linux. The issue stems from improper validation of uploaded files, allowing remote attackers to upload arbitrary files. This vulnerability is categorized as unrestricted file upload of dangerous types, which could potentially lead to further exploitation.

Impact

Exploitation of this vulnerability could allow for arbitrary file uploads, which may be used to execute malicious files on the server or disrupt service.

Remediation

Users are advised to update to ArcGIS Server version 12.0 or to install the ArcGIS Server Security 2025 Update 2 Patch, which is available through the Esri Support site. This patch addresses several vulnerabilities and can be applied without needing to install previous updates.

Added: Dec 31, 2025, 11:19 PM
Updated: Dec 31, 2025, 11:19 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 0.0
exploitability: 7.4
remediation: 7.7
relevance: 1.8
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.