Home

Description

A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker to gain administrative access to the system.

PUBLISHED Reserved 2025-03-19 | Published 2025-03-20 | Updated 2025-12-10 | Assigner Esri




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-798 Use of Hard-coded Credentials

Product status

Default status
unaffected

All (Portal for ArcGIS)
affected

References

support.esri.com/...-for-arcgis-security-2025-update-3-patch

cve.org (CVE-2025-2538)

nvd.nist.gov (CVE-2025-2538)

Download JSON