CVE-2025-55104 MEDIUM

CVE-2025-55104: BUG-000173918 - ArcGIS Enterprise Sites has a security vulnerability.

Vendor Esri
Product Portal for ArcGIS Enterprise Sites
Weakness CWE-79 · XSS
Published August 21, 2025
Last update August 21, 2025

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A stored cross-site scripting (XSS) vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute in the victim's browser.

Key dates

02Disclosure timeline

August 21, 2025 CVE published
August 21, 2025 Record updated