Stored Cross-site Scripting Vulnerability in Esri Portal for ArcGIS Enterprise
CVE-2025-55105

4.8MEDIUM

Key Information:

Vendor

Esri

Status
Portal For Arcgis Enterprise Experience Sites
Vendor
CVE Published:
21 August 2025

What is CVE-2025-55105?

The vulnerability in Esri Portal for ArcGIS Enterprise allows authenticated attackers to exploit a stored cross-site scripting flaw. By injecting a malicious file containing an embedded XSS script, an attacker can execute arbitrary JavaScript code in the browser of victims accessing the compromised portal. This attack may lead to the exposure of sensitive information, such as privileged tokens, potentially granting the attacker full control over the affected Portal. Remediation is crucial to safeguard user data and maintain the integrity of the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Portal for ArcGIS Enterprise Experience Sites Windows 10.9.1 <= 11.4

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/ad...

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.