11.1

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

network

low complexity

esri

NVD

Published: 2025-03-03

Updated: 2025-04-10

Summary

There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated) ArcGIS Server instance. If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software.

Vulnerable Configurations

Part	Description	Count
Application	Esri Esri Arcgis Server 10.9.1 Esri Arcgis Server 11.1	2
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/