PT-2025-54461 · Esri · ArcGIS Server
Published 2025-12-31 · Updated 2026-01-06
CVE-2025-67703
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Esri ArcGIS Server versions prior to 11.4
Description
A stored cross-site scripting (XSS) issue exists in Esri ArcGIS Server. In certain setups, a remote, unauthenticated attacker can store files containing malicious code. When a victim accesses such a file, the code can execute in the context of the victim's browser.
Recommendations
Update Esri ArcGIS Server to version 11.4 or later.
Fix
RCE
XSS
Affected Products
ArcGIS Server