Unrated severityNVD Advisory· Published Sep 29, 2025· Updated Sep 29, 2025
BUG-000174149 - The Portal for ArcGIS has an unvalidated redirect.
CVE-2025-57878
Description
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Affected products
2<=11.4+ 1 more
- (no CPE)range: <=11.4
- (no CPE)range: 10.9.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.