Path Traversal Vulnerability in ArcGIS <= 11.2
CVE-2024-25693

9.9CRITICAL

Key Information:

Vendor: Esri
Status: Portal For Arcgis
Vendor: CVE Published:; 4 April 2024

Badges

👾 Exploit Exists🟣 EPSS 15%

What is CVE-2024-25693?

The vulnerability found in Esri Portal for ArcGIS versions 11.2 and below allows remote, authenticated attackers to exploit a path traversal issue. This may enable them to access files or execute unauthorized code beyond the intended directory restrictions, potentially exposing sensitive system data.

References

https://www.esri.com/arcgis-blog/products/arcgis-enterpri...

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Apr 5, 2024
👾
Exploit known to exist
Apr 5, 2024
Vulnerability published
Apr 4, 2024

JSON