Platform
arcgis
Component
portal-for-arcgis
Fixed in
11.4.1
CVE-2025-4967 describes a critical Server-Side Request Forgery (SSRF) vulnerability affecting Esri Portal for ArcGIS versions 0 through 11.4. This flaw allows a remote, unauthenticated attacker to bypass the portal’s built-in SSRF protections, potentially leading to unauthorized access to internal systems and data. A patch is available in version 11.4.1, and users are strongly encouraged to upgrade immediately.
The SSRF vulnerability in Portal for ArcGIS allows attackers to craft malicious requests that originate from the portal server itself. This bypasses the intended security controls, enabling attackers to access internal services and data that should be protected. Attackers could potentially scan internal networks, access sensitive configuration files, or even interact with internal APIs. The lack of authentication required significantly broadens the attack surface, as any external user can attempt to exploit this vulnerability. Successful exploitation could lead to data breaches, system compromise, and disruption of services.
CVE-2025-4967 was publicly disclosed on 2025-05-29. The vulnerability's CRITICAL CVSS score indicates a high probability of exploitation. No public proof-of-concept (POC) code has been released as of this writing, but the SSRF nature of the vulnerability makes it relatively easy to exploit. It is not currently listed on the CISA KEV catalog, but given its severity, it may be added in the future. Monitor security advisories and threat intelligence feeds for updates.
Organizations heavily reliant on Esri Portal for ArcGIS for geospatial data management and web mapping are at significant risk. This includes government agencies, utilities, and businesses using ArcGIS for location-based services. Environments with limited network segmentation or weak firewall rules are particularly vulnerable, as an attacker could potentially pivot from the Portal server to other internal systems.
• arcgis: Examine Portal for ArcGIS server logs for unusual outbound requests to internal IP addresses or services. Use curl to test for SSRF vulnerabilities by attempting to access internal resources through the Portal.
curl -v --connect-timeout 5 'http://<portal_url>/arcgis/admin/rest/services/test/test/test?url=http://169.254.169.254/test' 2>&1 | grep -i 'Internal Server Error'
• generic web: Monitor access logs for requests originating from the Portal server attempting to access internal resources. Check response headers for SSRF-related indicators.
Disclosure
Exploit status
EPSS
0.07% (21st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-4967 is to upgrade Esri Portal for ArcGIS to version 11.4.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting outbound network access from the portal server using a Web Application Firewall (WAF) or proxy. Configure the WAF to block requests to known internal services or those deemed unnecessary. Review and tighten network segmentation to limit the potential blast radius of a successful SSRF attack. Monitor portal logs for unusual outbound requests that might indicate exploitation attempts.
Update Portal for ArcGIS to a version newer than 11.4. Consult Esri's 2025 Update 3 security patch for detailed instructions on updating and on mitigating the SSRF vulnerability.
CVE-2025-4967 is a critical SSRF vulnerability in Esri Portal for ArcGIS versions 0–11.4, allowing unauthenticated attackers to bypass SSRF protections and potentially access internal resources.
If you are running Esri Portal for ArcGIS versions 0 through 11.4, you are potentially affected by this vulnerability. Upgrade to 11.4.1 or later to mitigate the risk.
The recommended fix is to upgrade Esri Portal for ArcGIS to version 11.4.1 or later. As a temporary workaround, implement WAF rules to restrict outbound network access.
While no public exploits are currently available, the ease of exploitation suggests a high likelihood of future exploitation attempts. Monitor security advisories and threat intelligence feeds.
Refer to the official Esri security advisory for detailed information and guidance: https://www.esri.com/en-us/blogs/security/esri-security-update-may-2025/