CVE 6.1 MEDIUM

BUG-000174150 – Unvalidated redirect in Portal for ArcGIS._CVE-2025-57872

September 29, 2025 invoker category_cve
6.1 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

Basic Information

ID CVE-2025-57872
Source Esri
Published Sep 29, 2025 at 18:38
Modified Sep 29, 2025 at 18:54

Affected Product

Vendor Esri
Product Portal for ArcGIS
Version 10.9.1
Affected Versions Esri Portal for ArcGIS 10.9.1

CWE Classification

CWE-601

References

๐Ÿ’ญ Join the Security Discussion

๐Ÿ”’ Your email address will not be published. Required fields are marked *

โš ๏ธ Please be respectful and constructive in your comments. Security discussions should remain professional.