CVE-2025-67706

CVSS Score & Metrics

Base Score

9.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.

Vulnerability Details

Published Date

December 31, 2025

Last Modified

January 06, 2026

CWE ID

CWE-434

Source

NVD

Vendor

esri

Product

arcgis_server

External References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-2-patch

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment