Platform
arcgis
Component
portal-for-arcgis
Fixed in
11.4.1
CVE-2025-4967 describes a critical Server-Side Request Forgery (SSRF) vulnerability affecting Esri Portal for ArcGIS versions 0 through 11.4. This flaw allows a remote, unauthenticated attacker to bypass the portal’s built-in SSRF protections, potentially leading to unauthorized access to internal systems and data. A patch is available in version 11.4.1, and users are strongly encouraged to upgrade immediately.
The SSRF vulnerability in Portal for ArcGIS allows attackers to craft malicious requests that originate from the portal server itself. This effectively bypasses typical network security controls, as the requests appear to be coming from a trusted source. Attackers could leverage this to scan internal networks, access sensitive data stored on internal servers (e.g., databases, file shares), or even trigger actions on internal systems. The lack of authentication required significantly broadens the attack surface, making it easier for malicious actors to exploit this vulnerability. Successful exploitation could lead to data breaches, system compromise, and disruption of services.
CVE-2025-4967 was publicly disclosed on 2025-05-29. Its CRITICAL CVSS score indicates a high probability of exploitation. As of this writing, there are no publicly available proof-of-concept exploits, but the ease of exploitation inherent in SSRF vulnerabilities suggests that it is likely to become a target for attackers. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Exploit Status
EPSS
0.07% (21% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-4967 is to upgrade Esri Portal for ArcGIS to version 11.4.1 or later, which includes the fix for this vulnerability. If immediate upgrading is not possible, consider implementing temporary workarounds such as restricting outbound network access from the Portal server using a Web Application Firewall (WAF) or proxy. Configure the WAF to block requests to potentially sensitive internal resources. Regularly review and update firewall rules to minimize the attack surface. After upgrading, confirm the fix by attempting a known SSRF attack vector and verifying that it is blocked.
Update Portal for ArcGIS to a version later than 11.4. See security patch 2025 Update 3 provided by Esri for detailed instructions on updating and mitigating the SSRF vulnerability.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-4967 is a critical SSRF vulnerability in Esri Portal for ArcGIS versions 0–11.4, allowing unauthenticated attackers to bypass SSRF protections and potentially access internal resources.
If you are running Esri Portal for ArcGIS versions 0 through 11.4, you are potentially affected by this vulnerability. Upgrade to 11.4.1 or later to mitigate the risk.
The recommended fix is to upgrade Esri Portal for ArcGIS to version 11.4.1 or later. As a temporary workaround, implement WAF rules to restrict outbound network access.
While no public exploits are currently available, the ease of exploitation suggests a high likelihood of future exploitation attempts. Monitor security advisories and threat intelligence feeds.
Refer to the official Esri security advisory for detailed information and guidance: [https://www.esri.com/en-us/blogs/security/esri-security-update-may-2025/]
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.