CVE-2025-57870

Critical CVSS: 10.0

A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can potentially result in unauthorized access, modification, or deletion of data from the underlying Enterprise Geodatabase.

Vendor

Esri

Product

Arcgis Server

CWE

CWE-89

Yayın Tarihi

2025-10-22 15:15:51

Güncelleme

2025-10-31 18:51:22

Source Identifier

psirt@esri.com

KEV Date Added

Kategoriler

CWE-89 Arcgis Server CRITICAL Esri 2025

Referanslar

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-feature-services-security-patch

Benzer Kayıtlar

Medium

CVE-2026-1446

There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop appli…

Medium

CVE-2025-67709