CVE-2024-51954 | ArcGIS Server Operational Intel

Executive Risk Summary

"A remote, low-privileged authenticated attacker could exploit an improper access control issue in ArcGIS Server versions 11.3 and below to access secure services outside their originally assigned authorization boundary. Successful exploitation would have a high impact on confidentiality, a low impact on integrity, and no impact on the availability of the software."

Operational Audit Arsenal

Target Type Service

Target Asset ArcGIS Server

Standard Path %PROGRAMFILES%\ESRI\ArcGIS Server

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: ArcGIS Server (Service)
$Targets = 'ArcGIS Server'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

ArcGIS Server service

Internal Work Notes

Apply ArcGIS Server Security 2025 Update 1 patch to mitigate improper access control vulnerability (CVE-2024-51954)

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/

Related Esri Threats

CVE-2025-57870 CVSS 10

ArcGIS Server - Feature Service

CVE-2026-33518 CVSS 9.8

Esri Portal for ArcGIS - Developer Credentials

CVE-2026-33519 CVSS 9.8

Esri Portal for ArcGIS - Authorization Service

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.