PT-2025-9558 · Esri · Esri Arcgis Server

Published

2025-02-18

Updated

2025-03-04

CVE-2024-51958

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions ESRI ArcGIS Server versions 10.9.1 through 11.3

Description The issue allows a remote authenticated attacker with admin privileges to traverse the file system and access files outside of the intended directory, potentially leading to a high impact on confidentiality. There is no impact to integrity or availability due to the nature of the files that can be accessed.

Recommendations For ESRI ArcGIS Server versions 10.9.1 through 11.3, update to a version that contains a fix for this issue to prevent path traversal exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2025-02371

CVE-2024-51958

Affected Products

Esri Arcgis Server

PT-2025-9558 · Esri · Esri Arcgis Server

CVE-2024-51958

Weakness Enumeration

Related Identifiers

Affected Products

References · 6