CVE-2024-25693

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published Apr 4, 2024

Updated: Jan 8, 2025

CWE ID 22

Summary

CVE-2024-25693 is a path traversal vulnerability affecting Esri Portal for ArcGIS versions prior to 11.3. This issue permits a remote, authenticated attacker to access files or execute code outside of the intended directory by manipulating file paths. Successfully exploiting this vulnerability could result in serious data breaches or system compromise. It is highly recommended that affected organizations upgrade to the latest version of Esri Portal for ArcGIS to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Portal for ArcGIS
Esri Portal for ArcGIS

Affected Vendors

Esri

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/udr1NJ
https://www.cve.org/CVERecord?id=CVE-2024-25693
https://nvd.nist.gov/vuln/detail/CVE-2024-25693

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Know What Matters

For Customers

For Partners