CVE-2025-4967

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-4967
Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2025-update-2-patch
Configurations

No configuration.

History

29 May 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-29 20:15

Updated : 2025-05-30 16:31

NVD link : CVE-2025-4967

Mitre link : CVE-2025-4967

CVE.ORG link : CVE-2025-4967

JSON object : View

Products Affected

No product.

CWE
CWE-918

Server-Side Request Forgery (SSRF)