CVE-2024-25706

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Apr 4, 2024

Updated: Jan 8, 2025

CWE ID 94

CWE ID 79

Summary

CVE-2024-25706 is a newly identified HTML injection vulnerability affecting Esri Portal for ArcGIS versions prior to 11.0. An attacker can exploit this vulnerability by crafting a malicious URL that, when clicked by an unsuspecting user, could lead them to an arbitrary website. This is significant as it could simplify phishing attacks, potentially resulting in data theft or system compromise, even without requiring authentication.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Portal for ArcGIS
Esri Portal for ArcGIS

Affected Vendors

Esri

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2MhN7F
https://www.cve.org/CVERecord?id=CVE-2024-25706
https://nvd.nist.gov/vuln/detail/CVE-2024-25706

Back to Vulnerability Database