Esri ArcGIS Server
cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*
- <= 11.5
- < 10.9.1
A vulnerability exists in Esri ArcGIS Server versions 11.5 and earlier on both Windows and Linux. The issue stems from improper validation of uploaded files, which enables remote attackers to upload arbitrary files. This vulnerability is classified as unrestricted file upload of dangerous types, potentially leading to various security risks depending on the nature of the uploaded files.
Exploitation of this vulnerability allows for unrestricted file uploads, which could be used to upload malicious files that may be executed on the server or cause other types of harm, such as overwriting existing files or disrupting server operations.
Users are advised to update to ArcGIS Server Security 2025 Update 2, which is available for download from the Esri Support site. This patch addresses this vulnerability and should be applied as soon as possible.