CVE-2024-51961
Published: 03 March 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2024-51961 is a local file inclusion vulnerability in ArcGIS Server 11.3 and earlier versions. It enables a remote, unauthenticated attacker to craft a URL that could disclose sensitive configuration information by reading internal files from the server. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high impact to confidentiality with no impact to integrity or availability, and is linked to CWE-73 and CWE-610.
A remote attacker can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction. By sending a specially crafted URL to the affected ArcGIS Server, the attacker can read internal files, potentially exposing sensitive configuration data.
The Esri advisory provides details on mitigation through the ArcGIS Server Security 2025 Update 1 patch, available at https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
LFI in public-facing ArcGIS Server enables remote unauthenticated file reads for config data, directly mapping to T1190 (exploiting public-facing apps) and T1005 (collecting data from local system files).