Vulnerability Database

308,926

Total vulnerabilities in the database

CVE-2025-57872

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

  • Published: Sep 29, 2025
  • Updated: Nov 16, 2025
  • CVE: CVE-2025-57872
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

Software From Fixed in
esri / portal_for_arcgis 10.9.1 10.9.1.x
esri / portal_for_arcgis 10.9.1-security_2025_update1 10.9.1-security_2025_update1.x
esri / portal_for_arcgis 10.9.1-security_2025_update2 10.9.1-security_2025_update2.x
esri / portal_for_arcgis 11.0 11.0.x
esri / portal_for_arcgis 11.1 11.1.x
esri / portal_for_arcgis 11.1-security_2024_update1 11.1-security_2024_update1.x
esri / portal_for_arcgis 11.1-security_2024_update2 11.1-security_2024_update2.x
esri / portal_for_arcgis 11.1-security_2025_update1 11.1-security_2025_update1.x
esri / portal_for_arcgis 11.1-security_2025_update2 11.1-security_2025_update2.x
esri / portal_for_arcgis 11.2 11.2.x
esri / portal_for_arcgis 11.2-security_2024_update1 11.2-security_2024_update1.x
esri / portal_for_arcgis 11.2-security_2024_update2 11.2-security_2024_update2.x
esri / portal_for_arcgis 11.2-security_2025_update1 11.2-security_2025_update1.x
esri / portal_for_arcgis 11.2-security_2025_update2 11.2-security_2025_update2.x
esri / portal_for_arcgis 11.3 11.3.x
esri / portal_for_arcgis 11.3-security_2025_update1 11.3-security_2025_update1.x
esri / portal_for_arcgis 11.3-security_2025_update2 11.3-security_2025_update2.x
esri / portal_for_arcgis 11.4 11.4.x
esri / portal_for_arcgis 11.4-security_2025_update1 11.4-security_2025_update1.x
esri / portal_for_arcgis 11.4-security_2025_update2 11.4-security_2025_update2.x