ArcGIS Blog

Administration

ArcGIS Trust Center

Mar 13, 2025

Portal for ArcGIS Security 2025 Update 1 Patch

By Mark Bierman and Randall Williams and Michael Young

Esri has released the Portal for ArcGIS Security 2025 Update 1 Patch that resolves one critical severity vulnerability across versions 10.91 – 11.4.

 

This patch was released on February 18th, 2025, and is available here.

 

We provide Common Vulnerability Scoring System v.3.1 (CVSS) scores to allow our customers to better assess the risk of these vulnerabilities to their operations. Both base and modified temporal scores are provided to reflect the availability of an official patch.

Vulnerabilities fixed by this patch.

 

Password Recovery Exploitation

  • CVE Details: CVE-2025-2538
  • CWE-798 Use of Hard-coded Credentials
  • Base CVSS 3.1: 9.8 Temporal CVSS: 8.8
  • Base CVSS 4.0: 9.3

Share this article

administration arcgis trust center cve security ssamlymlgp arcgis trust center

Commenting is not enabled for this article.