Esri — Vulnerabilities & Security Advisories 147

Browse all 147 CVE security advisories affecting Esri. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Esri develops geographic information system (GIS) software, enabling organizations to map, analyze, and visualize spatial data for urban planning, logistics, and environmental management. The company’s extensive portfolio, including ArcGIS Server and Portal for ArcGIS, has historically been associated with 147 recorded Common Vulnerabilities and Exposures (CVEs). These security flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or insecure default configurations in web-facing components. While no single catastrophic breach has defined the vendor’s public history, the high volume of vulnerabilities highlights the complexity of securing large-scale enterprise GIS deployments. Many issues require administrative access to exploit, yet successful attacks can lead to full system compromise or data exfiltration. Continuous patching and strict network segmentation remain critical for mitigating risks associated with these legacy and modern software components within critical infrastructure environments.

Found 50 results / 147
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33519 | Incorrect privilege assignment in Portal for ArcGIS | Portal for ArcGIS | CWE-266 | 9.8 | Critical | 2026-04-21 |
| CVE-2026-33518 | Incorrect privilege assignment in Portal for ArcGIS | Portal for ArcGIS | CWE-266 | 9.8 | Critical | 2026-04-21 |
| CVE-2025-57871 | BUG-000174020 - Reflected XSS vulnerability identified in Portal for ArcGIS. (11.3, 11.1, 10.9.1) | Portal for ArcGIS | CWE-79 | 4.8 | Medium | 2025-09-29 |
| CVE-2025-57872 | BUG-000174150 - Unvalidated redirect in Portal for ArcGIS. | Portal for ArcGIS | CWE-601 | 6.1 | Medium | 2025-09-29 |
| CVE-2025-57873 | BUG-000175222 - Reflected XSS vulnerability in Portal for ArcGIS. | Portal for ArcGIS | CWE-79 | 4.8 | Medium | 2025-09-29 |
| CVE-2025-57874 | BUG-000161627 - Reflected XSS vulnerability in Portal for ArcGIS. (11.3, 11.1, 10.9.1) | Portal for ArcGIS | CWE-79 | 4.8 | Medium | 2025-09-29 |
| CVE-2025-57875 | BUG-000164122 - Reflected XSS vulnerability in Portal for ArcGIS. | Portal for ArcGIS | CWE-79 | 4.8 | Medium | 2025-09-29 |
| CVE-2025-57877 | Reflected XSS vulnerability in Portal for ArcGIS. | Portal for ArcGIS | CWE-79 | 4.8 | Medium | 2025-09-29 |
| CVE-2025-57878 | BUG-000174149 - The Portal for ArcGIS has an unvalidated redirect. | Portal for ArcGIS | CWE-601 | 6.1 | Medium | 2025-09-29 |
| CVE-2025-57879 | BUG-000171009 - URL manipulation vulnerability in Portal for ArcGIS. | Portal for ArcGIS | CWE-601 | 6.1 | Medium | 2025-09-29 |
| CVE-2025-57876 | Stored XSS vulnerability in Portal for ArcGIS | Portal for ArcGIS | CWE-79 | 4.8 | Medium | 2025-09-29 |
| CVE-2025-4967 | Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS | Portal for ArcGIS | CWE-918 | 9.1 | Critical | 2025-05-29 |
| CVE-2025-2538 | BUG-000174336 | Portal for ArcGIS | CWE-798 | 9.8 | Critical | 2025-03-20 |
| CVE-2024-38040 | BUG-000167984 - Portal for ArcGIS has a Local file inclusion (LFI) vulnerability | Portal for ArcGIS | CWE-73 | 7.5 | High | 2024-10-04 |
| CVE-2024-38038 | BUG-000165732 - Reflected XSS in Portal for ArcGIS | Portal for ArcGIS | CWE-79 | 6.1 | Medium | 2024-10-04 |
| CVE-2024-25691 | BUG-000165286 - Reflected XSS in Portal for ArcGIS | Portal for ArcGIS | CWE-79 | 6.1 | Medium | 2024-10-04 |
| CVE-2024-25707 | BUG-000160241 - Reflected XSS in Portal for ArcGIS | Portal for ArcGIS | CWE-79 | 4.8 | Medium | 2024-10-04 |
| CVE-2024-8149 | BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. | Portal for ArcGIS | CWE-79 | 4.6 | Medium | 2024-10-04 |
| CVE-2024-38039 | BUG-000161683 - HTML injection vulnerability in Portal for ArcGIS. | Portal for ArcGIS | CWE-80 | 5.4 | Medium | 2024-10-04 |
| CVE-2024-8148 | BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. (11.2, 11.1, 10.9.1. and 10.8.1) | Portal for ArcGIS | CWE-601 | 6.1 | Medium | 2024-10-04 |
| CVE-2024-38037 | BUG-000167983 - Unvalidated redirect in Portal for ArcGIS | Portal for ArcGIS | CWE-601 | 6.1 | Medium | 2024-10-04 |
| CVE-2024-25699 | Portal for ArcGIS has an invalid authentication vulnerability | Portal for ArcGIS | CWE-287 | 8.5 | High | 2024-04-04 |
| CVE-2024-25705 | Cross site scripting issue in embed widget | Portal for ArcGIS | CWE-79 | 5.4 | Medium | 2024-04-04 |
| CVE-2024-25706 | HTMLi at createFolder Content Injection | Portal for ArcGIS | CWE-94 | 6.1 | Medium | 2024-04-04 |
| CVE-2024-25709 | Self-XSS style in move item dialog | Portal for ArcGIS | CWE-79 | 6.1 | Medium | 2024-04-04 |
| CVE-2024-25698 | Reflected XSS in Portal for ArcGIS | Portal for ArcGIS | CWE-79 | 6.1 | Medium | 2024-04-04 |
| CVE-2024-25695 | concatenated errors resulting in cross site scripting and frame injection issues. | Portal for ArcGIS | CWE-79 | 7.2 | High | 2024-04-04 |
| CVE-2024-25696 | Stored XSS in Portal for ArcGIS | Portal for ArcGIS | CWE-79 | 4.8 | Medium | 2024-04-04 |
| CVE-2024-25697 | Stored XSS in Portal for ArcGIS | Portal for ArcGIS | CWE-79 | 5.4 | Medium | 2024-04-04 |
| CVE-2024-25692 | BUG-000154722 - Cross-site request forgery (CSRF) issue in Portal for ArcGIS | Portal for ArcGIS | CWE-352 | 5.4 | Medium | 2024-04-04 |

This page lists every published CVE security advisory associated with Esri. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.