Executive Risk Summary
"A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4, and 11.5, allowing a remote, unauthenticated attacker to execute arbitrary SQL commands. Successful exploitation can result in unauthorized access, modification, or deletion of data from the underlying Enterprise Geodatabase."
Operational Audit Arsenal
Target Type: Executable
Target Asset: ArcGIS Feature Service
Standard Path: %PROGRAMFILES%\Esri\ArcGIS Server\bin\ArcGISFeatureService.exe
PowerShell
# 🛠️ Senior Engineer Universal Audit
# Target: ArcGIS Feature Service (Executable)
# -Include matches file names, so search for the binary name, not the product's display name.
$Targets = 'ArcGISFeatureService.exe'
# System32 plus both Program Files trees; the standard install path sits under Program Files.
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")
# -Recurse is required for -Include to filter results; report each hit with its product version.
Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue |
    Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}
Patch Impact Forecast
Reboot Required: Likely
ArcGIS Server service
Internal Work Notes
Apply security patch for ArcGIS Server Feature Service SQL Injection vulnerability (CVE-2025-57870) to prevent unauthorized data access
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.