CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-55106

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.0%

CVSS Severity

CVSS v3 Score 4.8

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/2925891-2

Products affected by CVE-2025-55106

Esri » Portal For Arcgis » Version: 10.9.1

cpe:2.3:a:esri:portal_for_arcgis:10.9.1
Esri » Portal For Arcgis » Version: 11.0

cpe:2.3:a:esri:portal_for_arcgis:11.0
Esri » Portal For Arcgis » Version: 11.1

cpe:2.3:a:esri:portal_for_arcgis:11.1
Esri » Portal For Arcgis » Version: 11.2

cpe:2.3:a:esri:portal_for_arcgis:11.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-55106

Products

Pricing

Contact Us