CVE-2025-67706

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-67706
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.

5.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-2-patch Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-12-31 23:15

Updated : 2026-01-06 19:08

NVD link : CVE-2025-67706

Mitre link : CVE-2025-67706

CVE.ORG link : CVE-2025-67706

JSON object : View

Products Affected

microsoft

  • windows

linux

  • linux_kernel

esri

  • arcgis_server
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type