Esri — Vulnerabilities & Security Advisories 147

Browse all 147 CVE security advisories affecting Esri. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Esri develops geographic information system (GIS) software, enabling organizations to map, analyze, and visualize spatial data for urban planning, logistics, and environmental management. The company’s extensive portfolio, including ArcGIS Server and Portal for ArcGIS, has historically been associated with 147 recorded Common Vulnerabilities and Exposures (CVEs). These security flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or insecure default configurations in web-facing components. While no single catastrophic breach has defined the vendor’s public history, the high volume of vulnerabilities highlights the complexity of securing large-scale enterprise GIS deployments. Many issues require administrative access to exploit, yet successful attacks can lead to full system compromise or data exfiltration. Continuous patching and strict network segmentation remain critical for mitigating risks associated with these legacy and modern software components within critical infrastructure environments.

Found 54 results / 147
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-67711 | Reflected XSS vulnerability in ArcGIS Server. | ArcGIS Server | CWE-79 | 6.1 | Medium | 2025-12-31 |
| CVE-2025-67710 | Stored XSS vulnerability in ArcGIS Server | ArcGIS Server | CWE-79 | 6.1 | Medium | 2025-12-31 |
| CVE-2025-67709 | There is a cross site scripting issue in ArcGIS Server. | ArcGIS Server | CWE-79 | 6.1 | Medium | 2025-12-31 |
| CVE-2025-67708 | Reflected cross-site scripting (XSS) vulnerability in ArcGIS Server. | ArcGIS Server | CWE-79 | 6.1 | Medium | 2025-12-31 |
| CVE-2025-67707 | Unvalidated File Upload vulnerability in ArcGIS Server. | ArcGIS Server | CWE-434 | 5.6 | Medium | 2025-12-31 |
| CVE-2025-67706 | Unvalidated File Upload vulnerability in ArcGIS Server. | ArcGIS Server | CWE-434 | 5.6 | Medium | 2025-12-31 |
| CVE-2025-67705 | Reflected XSS vulnerability in ArcGIS Server. | ArcGIS Server | CWE-79 | 6.1 | Medium | 2025-12-31 |
| CVE-2025-67704 | Stored XSS vulnerability in ArcGIS Server. | ArcGIS Server | CWE-79 | 6.1 | Medium | 2025-12-31 |
| CVE-2025-67703 | Stored XSS vulnerability in ArcGIS Server. | ArcGIS Server | CWE-79 | 6.1 | Medium | 2025-12-31 |
| CVE-2025-57870 | BUG-000179884 - There is a security vulnerability in ArcGIS Server Feature Services. | ArcGIS Server | CWE-89 | 10.0 | Critical | 2025-10-22 |
| CVE-2024-51966 | Directory traversal vulnerability in ArcGIS Server | ArcGIS Server | CWE-22 | 4.9 | Medium | 2025-03-03 |
| CVE-2024-51963 | Stored XSS in ArcGIS Server Manager | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51962 | SQL injection vulnerability in ArcGIS Server | ArcGIS Server | CWE-89 | 8.7 | High | 2025-03-03 |
| CVE-2024-51961 | Local file inclusion (LFI) vulnerability in ArcGIS Server | ArcGIS Server | CWE-73 | 7.5 | High | 2025-03-03 |
| CVE-2024-51960 | Stored XSS in ArcGIS Server Administrator Directory | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51959 | Stored XSS issue in Server Admin API | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51958 | Directory traversal vulnerability in the admin api for service thumbnails | ArcGIS Server | CWE-22 | 4.9 | Medium | 2025-03-03 |
| CVE-2024-51957 | Stored XSS vulnerability in ArcGIS Rest Services Directory | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51956 | Stored XSS vulnerability in ArcGIS Server Administrator Directory | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51954 | Unauthorized access to secure services in ArcGIS Server | ArcGIS Server | CWE-284 | 8.5 | High | 2025-03-03 |
| CVE-2024-51953 | Stored XSS in ArcGIS Server Rest services | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51952 | Stored XSS issue in ArcGIS Server | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51951 | Stored XSS in Server Admin API | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51950 | Stored XSS in Server Admin under Services > lifecycleinfos | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51949 | Stored XSS vulnerability in Rest Services under OGCFeature Service and Map Service | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51948 | Stored XSS vulnerability in Rest Services under Job ID | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51947 | Stored XSS vulnerability in Rest Services under Layer name | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51946 | Stored XSS in Rest Services Directory under Identify operation | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51945 | Stored XSS issues in Server Admin API | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51944 | Stored XSS in Rest Services Directory | ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |

This page lists every published CVE security advisory associated with Esri. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.