CVE-2025-57872
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-17
Assigner: Environmental Systems Research Institute, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| esri | portal_for_arcgis | 10.9.1 |
| esri | portal_for_arcgis | 11.0 |
| esri | portal_for_arcgis | 11.1 |
| esri | portal_for_arcgis | 11.2 |
| esri | portal_for_arcgis | 11.3 |
| esri | portal_for_arcgis | 11.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unvalidated redirect in Esri Portal for ArcGIS 11.4 and below. It allows a remote, unauthenticated attacker to create a specially crafted URL that redirects a user to an arbitrary website. This can be exploited to facilitate phishing attacks by misleading users into visiting malicious sites.
How can this vulnerability impact me?
The vulnerability can impact you by enabling attackers to redirect users to malicious websites through crafted URLs. This can lead to phishing attacks where users may be tricked into revealing sensitive information or downloading malware, potentially compromising security and trust.