On September 24, 2025, The Portal for ArcGIS Security 2025 Update 1 Patch was made obsolete. The download page has been updated to indicate the change, and users will no longer see Update 1 available in the Patch Notification tool. The URL for the obsolete patch is:
https://support.esri.com/en-us/patches-updates/2025/portal-for-arcgis-security-2025-update-1-patch
Vulnerabilities that where fixed by this patch are now fixed in Portal for ArcGIS Security 2025 Update 3 Patch.
Vulnerability addressed in this patch:
Password Recovery Exploitation
- CVE Details: CVE-2025-2538
- CWE-798 Use of Hard-coded Credentials
- Base CVSS 3.1: 9.8 Temporal CVSS: 8.8
- Base CVSS 4.0: 9.3
Commenting is not enabled for this article.