Security Advisory

CVE-2025-57870

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-22 14:26:22
Last updated 2026-02-26 16:57:13
Assigner Esri
State PUBLISHED

Description

A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can potentially result in unauthorized access, modification, or deletion of data from the underlying Enterprise Geodatabase.