Platform: arcgis
Component: portal-for-arcgis
Fixed in: 11.4.1
CVE-2025-4967 describes a critical Server-Side Request Forgery (SSRF) vulnerability affecting Esri Portal for ArcGIS versions 0 through 11.4. This flaw allows a remote, unauthenticated attacker to bypass the portal’s built-in SSRF protections, potentially leading to unauthorized access to internal systems and data. A patch is available in version 11.4.1, and users are strongly encouraged to upgrade immediately.
The SSRF vulnerability in Portal for ArcGIS allows attackers to craft malicious requests that originate from the portal server itself. This effectively bypasses typical network security controls, as the requests appear to come from a trusted source. Attackers could leverage this to scan internal networks, access sensitive data stored on internal servers (e.g., databases, file shares), or even trigger actions on internal systems. Because no authentication is required, the attack surface is significantly broader, making it easier for malicious actors to exploit this vulnerability. Successful exploitation could lead to data breaches, system compromise, and disruption of services.
CVE-2025-4967 was publicly disclosed on 2025-05-29. Its CRITICAL CVSS score indicates a high probability of exploitation. As of this writing, there are no publicly available proof-of-concept exploits, but the ease of exploitation inherent in SSRF vulnerabilities suggests that it is likely to become a target for attackers. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations heavily reliant on Esri Portal for ArcGIS for geospatial data management and web mapping are at significant risk. This includes government agencies, utilities, and businesses using ArcGIS for location-based services. Environments with limited network segmentation or weak firewall rules are particularly vulnerable, as an attacker could potentially pivot from the Portal server to other internal systems.
• arcgis: Examine Portal for ArcGIS server logs for unusual outbound requests to internal IP addresses or services. Use curl to test for SSRF vulnerabilities by attempting to access internal resources through the Portal.
curl -v --connect-timeout 5 'http://<portal_url>/arcgis/admin/rest/services/test/test/test?url=http://169.254.169.254/test' 2>&1 | grep -i 'Internal Server Error'
• generic web: Monitor access logs for requests originating from the Portal server attempting to access internal resources. Check response headers for SSRF-related indicators.
Disclosure:
Exploit Status:
EPSS: 0.07% (21st percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2025-4967 is to upgrade Esri Portal for ArcGIS to version 11.4.1 or later, which includes the fix for this vulnerability. If immediate upgrading is not possible, consider implementing temporary workarounds such as restricting outbound network access from the Portal server using a Web Application Firewall (WAF) or proxy. Configure the WAF to block requests to potentially sensitive internal resources. Regularly review and update firewall rules to minimize the attack surface. After upgrading, confirm the fix by attempting a known SSRF attack vector and verifying that it is blocked.
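The detection advice above (examine Portal logs for requests whose parameters point at internal IP addresses) and the workaround (have a WAF or egress proxy refuse fetches to sensitive internal resources) both come down to the same classifier: does a URL supplied by the client name a non-public address? The following is an added example written for this page, not Esri's code and not part of the advisory. It assumes an Apache-style combined access log and a generic "url" query parameter; the log lines are constructed samples, not real Portal for ArcGIS output, and the cloud-metadata address 169.254.169.254 and the path /arcgis/admin/rest/services/test are taken from the probe quoted above.

```python
import ipaddress
import re
from urllib.parse import urlparse, parse_qs

# Apache combined-log style line; constructed for this example, the real
# Portal for ArcGIS log layout may differ (assumption).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def is_internal_target(url: str) -> bool:
    """True if the URL's host is a literal IP outside the public (global)
    range: loopback, RFC 1918, link-local (where cloud metadata lives) and
    their IPv6 equivalents. Hostnames are not resolved so the check runs
    offline; only 'localhost' is flagged by name."""
    try:
        host = urlparse(url).hostname
    except ValueError:
        return False
    if not host:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return not addr.is_global


def suspicious_requests(log_text: str) -> list:
    """Scan access-log lines and return every request whose query parameter
    value is a URL pointing at an internal address. parse_qs undoes the
    percent-encoding, so encoded targets are caught as well."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlparse(m.group("path")).query
        for name, values in parse_qs(query, keep_blank_values=True).items():
            for value in values:
                if is_internal_target(value):
                    findings.append({
                        "client": m.group("client"),
                        "param": name,
                        "target": value,
                        "status": int(m.group("status")),
                    })
    return findings


# Constructed sample log (not real Portal output): one benign API call,
# one probe at the metadata address, one legitimate external fetch and one
# attempt at an RFC 1918 host.
SAMPLE_LOG = """\
203.0.113.5 - - [29/May/2025:10:01:12 +0000] "GET /arcgis/sharing/rest/content/items?f=json HTTP/1.1" 200 512
203.0.113.5 - - [29/May/2025:10:01:15 +0000] "GET /arcgis/admin/rest/services/test?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data HTTP/1.1" 500 0
198.51.100.7 - - [29/May/2025:10:02:03 +0000] "GET /arcgis/rest/proxy?url=https%3A%2F%2Fservices.arcgisonline.com%2Fx HTTP/1.1" 200 2048
198.51.100.7 - - [29/May/2025:10:02:09 +0000] "GET /arcgis/rest/proxy?url=http%3A%2F%2F10.0.0.12%3A8080%2Fadmin HTTP/1.1" 403 0
"""

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(f"{hit['client']} -> {hit['target']} via {hit['param']} (HTTP {hit['status']})")
```

The same is_internal_target() predicate is the rule an egress proxy or WAF in front of the Portal would apply to the outbound side: deny any fetch whose destination it returns True for. Note the limitation stated in the docstring: a hostname that resolves to an internal address (or a redirect to one) is not caught by an offline string check, which is why the advisory's real fix is the 11.4.1 upgrade and a network-level egress restriction rather than a filter alone.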
Update Portal for ArcGIS to a version later than 11.4. Consult the security patch 2025 Update 3 provided by Esri for detailed instructions on updating and mitigating the SSRF vulnerability.
CVE-2025-4967 is a critical SSRF vulnerability in Esri Portal for ArcGIS versions 0–11.4, allowing unauthenticated attackers to bypass SSRF protections and potentially access internal resources.
If you are running Esri Portal for ArcGIS versions 0 through 11.4, you are potentially affected by this vulnerability. Upgrade to 11.4.1 or later to mitigate the risk.
The recommended fix is to upgrade Esri Portal for ArcGIS to version 11.4.1 or later. As a temporary workaround, implement WAF rules to restrict outbound network access.
While no public exploits are currently available, the ease of exploitation suggests a high likelihood of future exploitation attempts. Monitor security advisories and threat intelligence feeds.
Refer to the official Esri security advisory for detailed information and guidance: https://www.esri.com/en-us/blogs/security/esri-security-update-may-2025/