CVE-2025-57870: SQL Injection in ArcGIS Server Feature Services

The impact of CVE-2025-57870 is substantial due to the ease of exploitation and the potential for widespread data compromise. An attacker can leverage this vulnerability to execute arbitrary SQL commands against the underlying Enterprise Geodatabase, bypassing authentication mechanisms. This could result in unauthorized access to sensitive geospatial data, including user information, geographic locations, and critical infrastructure details. Furthermore, attackers could modify or delete data, disrupting operations and potentially causing significant financial and reputational damage. The lack of authentication requirements significantly broadens the attack surface, making it accessible to a wide range of threat actors. The ability to execute arbitrary SQL commands grants attackers a high degree of control over the database, enabling them to extract, modify, or delete any data they can access. This vulnerability shares similarities with other SQL Injection flaws where attackers can escalate privileges and gain complete control over the affected system.

1. Reserved2025-08-21
2. Published2025-10-22
3. Modified2026-02-26
4. EPSS updated2026-03-23

The primary mitigation for CVE-2025-57870 is to upgrade to a patched version of Esri ArcGIS Server as soon as it becomes available. Until a patch is applied, consider implementing temporary workarounds to reduce the risk. These may include restricting access to the vulnerable Feature Service operation, implementing strict input validation on all user-supplied data, and utilizing a Web Application Firewall (WAF) to filter out malicious SQL injection attempts. Configure your WAF to block requests containing suspicious SQL syntax. Regularly review ArcGIS Server logs for any signs of unusual activity or attempted SQL injection attacks. After upgrading, verify the fix by attempting to trigger the vulnerable Feature Service operation with a known malicious SQL payload and confirming that the attack is blocked.