CVE-2025-4967 — Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker ... | CVE Daily

Critical CVSS 9.1

Overview

Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.

CWE: CWE-918 Published: 2025-05-29T20:15:27.660

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.1 (CRITICAL)
Detected tags: ssrf, unauth_access (tag impact: HIGH)

Recommended actions:

Deny access to internal/metadata addresses; use outbound allowlists.
Enforce authentication/authorization; reduce default endpoint exposure.

Recommended tools

Tags