PT-2025-7900 · Esri · Arcgis Pro

Published: 2025-02-04 · Updated: 2025-06-20 · CVE-2025-1067

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Esri ArcGIS Pro versions 3.3 through 3.4

Description: An untrusted search path vulnerability may allow a low-privileged attacker with write privileges to the local file system to introduce a malicious executable. When the victim performs a specific action using ArcGIS Pro, the malicious file could execute and run commands under the context of the victim.

Recommendations: At the moment, there is no information about a newer version of Esri ArcGIS Pro that contains a fix for this vulnerability in versions 3.3 and 3.4.

Untrusted Search Path

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2025-02459
CVE-2025-1067

Affected Products

Arcgis Pro