Back to Explorer

CVE-2025-67706

PUBLISHED
12/31/2025 cedc17bb-4939-4f40-a1f4-30ae8af1094e

Technical Description

ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.

Affected Products

Esri
ArcGIS Server
10.9.1

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-2-patch
External Link
5.6 CVSS v3.1
MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Impact Analysis

Attack Vector Network
Attack Complexity Low
Privileges Required None