SQL Injection Vulnerability in Esri ArcGIS Monitor for Windows and Linux
CVE-2025-1726
Key Information:
- Vendor: Esri
- Status
- ArcGIS Monitor
- Vendor
- CVE Published: 26 February 2025
Summary
A SQL injection vulnerability has been identified in Esri ArcGIS Monitor versions 2023.0 through 2024.x for both Windows and Linux platforms. This issue allows a remote, authenticated attacker with limited privileges to execute crafted queries, thereby improperly accessing limited database schema information. Although this vulnerability enables the enumeration of certain internal database identifiers, the impact on confidentiality is mitigated as any sensitive data returned by the queries is encrypted. There are no indications that the integrity or availability of the system is compromised. Users are advised to upgrade to ArcGIS Monitor 2024.1 to address this issue.
Affected Version(s)
ArcGIS Monitor Windows 2023.0 < 2024.1