Critical Security Flaw in ArcGIS Enterprise Exposes Admin Accounts to Remote Takeover

Summary: Esri has identified a critical vulnerability in its ArcGIS Enterprise platform that could enable attackers to hijack administrative accounts via a password reset flaw. The vulnerability, CVE-2025-2538, has a CVSS score of 9.8 and affects specific versions of Portal for ArcGIS. Organizations are urged to apply the security patch released by Esri to prevent potential data breaches and service disruptions.

Affected: Esri ArcGIS Enterprise (specifically Portal for ArcGIS versions 10.9.1 – 11.4)

Key points:

  • Critical vulnerability (CVE-2025-2538) allows unauthorized password reset for admin accounts.
  • Potential for complete control over administrative functions, risking data tampering and service disruption.
  • Security patch released on February 18, 2025; immediate application is strongly advised.
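The advisory gives an affected version range but no way to test for it automatically. The following is an added example, not Esri's code or tooling, that parses Portal for ArcGIS version strings and flags deployments inside the 10.9.1 – 11.4 range from an inventory. The inventory dictionary is constructed for illustration, and the choice to treat the upper bound as "any 11.4.x" is an assumption; a version number alone cannot show whether the February 2025 security patch has been applied, so a hit means "verify patch status", not "confirmed vulnerable".

```python
# Added example (not from the advisory or Esri): flag Portal for ArcGIS
# installations whose version falls in the affected range 10.9.1 - 11.4.
from typing import Dict, List, Tuple

AFFECTED_MIN = (10, 9, 1)   # lower bound, compared on all three components
AFFECTED_MAX = (11, 4)      # upper bound, compared on major.minor only (assumption: any 11.4.x)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '10.9.1' or '11.4' into a (major, minor, patch) tuple.

    Missing trailing components are padded with 0 so '11.4' and '11.4.0'
    compare equal; anything non-numeric raises ValueError rather than
    silently passing.
    """
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {version!r}")
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected(version: str) -> bool:
    """True if the version lies inside the advisory's affected range.

    This only says the install needs its patch status checked: the
    security patch is a separate update and does not change the version.
    """
    major, minor, patch = parse_version(version)
    return AFFECTED_MIN <= (major, minor, patch) and (major, minor) <= AFFECTED_MAX


def needs_patch_review(inventory: Dict[str, str]) -> List[str]:
    """Return hostnames (sorted) whose Portal version is in the affected range."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory: hostname -> reported Portal for ArcGIS version.
SAMPLE_INVENTORY = {
    "portal-prod-01.example.internal": "11.3",
    "portal-prod-02.example.internal": "11.4",
    "portal-legacy.example.internal": "10.8.1",
    "portal-test.example.internal": "11.5",
    "portal-dr.example.internal": "10.9.1",
}

if __name__ == "__main__":
    for host in needs_patch_review(SAMPLE_INVENTORY):
        print(f"{host}: version {SAMPLE_INVENTORY[host]} is in the affected range; verify the patch is applied")
```

Feed the real inventory from whatever source of truth you already keep (CMDB export, configuration management facts); the function is deliberately input-agnostic so it can sit in an existing compliance script.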

Source: https://securityonline.info/critical-security-flaw-in-arcgis-enterprise-exposes-admin-accounts-to-remote-takeover/