CVE-2025-2538

Published Mar 20, 2025

Last updated 4 days ago

Overview

Description
A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote authenticated attacker to gain administrative access to the system.
Source: psirt@esri.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

CWE-798 (source: psirt@esri.com)

Social media

Hype score: Not currently trending

  1. Actively exploited CVE : CVE-2025-2538

    @transilienceai, 30 Mar 2025

    13 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes

  2. CVE-2025-2538 | Esri Portal for ArcGIS 10.9.1/11.1/11.2/11.3/11.4 Password Recovery hard-coded credentials #宇宙セキュリティ #宇宙 #セキュリティ #security #space #spacesecurity https://t.co/4PmteW0cqQ

    @SpaceCyberSec, 21 Mar 2025

    14 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  3. 🚨 CVE-2025-2538 ⚠️🔴 CRITICAL (9.8) 🏢 Esri - Portal for ArcGIS 🏗️ 10.9.1 🔗 https://t.co/OfZbOqef1B #CyberCron #VulnAlert #InfoSec https://t.co/HFDEDb0of9

    @cybercronai, 21 Mar 2025

    753 Impressions, 0 Retweets, 2 Likes, 0 Bookmarks, 0 Replies, 1 Quote

  4. CVE-2025-2538 - ArcGIS Enterprise - HIGH 🚨 🗓️ Date published 2025-03-20 21:15:23 UTC #ArcGISEnterprise #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/Ije71Hk0Rg

    @vulns_space, 20 Mar 2025

    25 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  5. CVE-2025-2538 A specific type of ArcGIS Enterprise deployment, is vulnerable to a Password Recovery Exploitation vulnerability in Portal, that could allow an attacker to reset the pa… https://t.co/GPtvwYiSSf

    @CVEnew, 20 Mar 2025

    251 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  6. [CVE-2025-2538: CRITICAL] Beware of a Password Recovery Exploitation vulnerability in ArcGIS Enterprise that could permit attackers to reset the admin account password in Portal deployments. #cybersecurity#cybersecurity,#vulnerability https://t.co/xXc3IsslZ9 https://t.co/u3ndfrLQ

    @CveFindCom, 20 Mar 2025

    4 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes