CVE-2024-25692 MEDIUM

CVE-2024-25692: BUG-000154722 - Cross-site request forgery (CSRF) issue in Portal for ArcGIS

Vendor Esri
Product Portal for ArcGIS
Weakness CWE-352 · CSRF
Published April 4, 2024
Last update April 10, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors is limited and of low severity.

Key dates

02Disclosure timeline

April 4, 2024 CVE published
April 10, 2025 Record updated