CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-57870

A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can potentially result in unauthorized access, modification, or deletion of data from the underlying Enterprise Geodatabase.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.9%

CVSS Severity

CVSS v3 Score 10.0

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-feature-services-security-patch

Products affected by CVE-2025-57870

Esri » Arcgis Server » Version: 11.3

cpe:2.3:a:esri:arcgis_server:11.3
Kubernetes » Kubernetes » Version: N/A

cpe:2.3:a:kubernetes:kubernetes:-
Linux » Linux Kernel » Version: N/A

cpe:2.3:o:linux:linux_kernel:-
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-57870

Products

Pricing

Contact Us