Esri has released the Portal for ArcGIS Security 2025 Update 2 Patch that resolves one critical severity SSRF vulnerability in 11.4 and prior.
Customers with 11.5 and greater are not vulnerable however they must ensure that the 2025 Critical Best Practices are implemented.
As always, any customer using versions of our software in Mature or Retired status should plan their upgrade to a General Availability release version immediately, please see our ArcGIS Enterprise Life Cycle for current GA releases.
This patch was released on May 28th , 2025, and is available here.
We provide Common Vulnerability Scoring System v.3.1 (CVSS) scores to allow our customers to better assess the risk of these vulnerabilities to their operations. Both base and modified temporal scores are provided to reflect the availability of an official patch.
Type of vulnerability
Commenting is not enabled for this article.