CVE-2025-57872
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-17
Assigner: Environmental Systems Research Institute, Inc.
Description
Description
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| esri | portal_for_arcgis | 10.9.1 |
| esri | portal_for_arcgis | 10.9.1 |
| esri | portal_for_arcgis | 10.9.1 |
| esri | portal_for_arcgis | 11.0 |
| esri | portal_for_arcgis | 11.1 |
| esri | portal_for_arcgis | 11.1 |
| esri | portal_for_arcgis | 11.1 |
| esri | portal_for_arcgis | 11.1 |
| esri | portal_for_arcgis | 11.1 |
| esri | portal_for_arcgis | 11.2 |
| esri | portal_for_arcgis | 11.2 |
| esri | portal_for_arcgis | 11.2 |
| esri | portal_for_arcgis | 11.2 |
| esri | portal_for_arcgis | 11.2 |
| esri | portal_for_arcgis | 11.3 |
| esri | portal_for_arcgis | 11.3 |
| esri | portal_for_arcgis | 11.3 |
| esri | portal_for_arcgis | 11.4 |
| esri | portal_for_arcgis | 11.4 |
| esri | portal_for_arcgis | 11.4 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
