CVE-2024-25699

Esri Portal for ArcGIS

Esri | CVSS 8.5 | Updated March 14, 2026

Executive Risk Summary

"A difficult-to-exploit improper authentication issue in Esri Portal for ArcGIS could allow a remote, authenticated attacker with low-privileged access to compromise the confidentiality, integrity, and availability of the software. Successful exploitation allows the attacker to cross an authentication and authorization boundary beyond their originally assigned access, resulting in a scope change."

Operational Audit Arsenal

Target Type: Executable
Target Asset: Home application
Standard Path: %PROGRAMFILES%\Esri\Portal\Home
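PowerShell
# 🛠️ Senior Engineer Universal Audit
# Target: Home application (Executable)
# 'Home application' is the asset name, not a file name, so it cannot serve as an -Include filter.
# Search the standard path listed above instead; adjust it if Portal is installed elsewhere.
$StandardPath = Join-Path $env:ProgramFiles 'Esri\Portal\Home'

# List executables and libraries under that path together with their product version.
Get-ChildItem -Path $StandardPath -Include '*.exe', '*.dll' -File -Recurse -ErrorAction SilentlyContinue |
    Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}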

Patch Impact Forecast

Reboot Required: Likely

Portal services may be affected

Internal Work Notes

Investigate and apply security updates for Esri Portal for ArcGIS to remediate the potential authentication bypass and scope change.

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.