CVE-2025-57870
Published: 22 October 2025
Description
Adversaries may leverage databases to mine valuable information.
Security Summary
CVE-2025-57870 is a SQL injection vulnerability (CWE-89) affecting Esri ArcGIS Server versions 11.3, 11.4, and 11.5 running on Windows, Linux, and Kubernetes platforms. The flaw resides in a specific ArcGIS Feature Service operation and allows arbitrary SQL commands to be injected and executed against the underlying Enterprise Geodatabase. Published on October 22, 2025, it carries the maximum CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H): it is reachable over the network, has low attack complexity, requires no privileges and no user interaction, and its impact extends beyond the vulnerable component (scope changed).
A remote, unauthenticated attacker can exploit this vulnerability over the network without user interaction. Successful exploitation allows execution of arbitrary SQL commands, potentially granting unauthorized access to sensitive data, modification of database contents, or deletion of records in the Enterprise Geodatabase.
Esri has addressed the issue with a security patch described in its advisory at https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-feature-services-security-patch and recommends applying it immediately to all vulnerable ArcGIS Server Feature Services installations.
Details
- CWE(s): CWE-89 (SQL Injection)
- Affected Products: Esri ArcGIS Server 11.3, 11.4 and 11.5 (Windows, Linux and Kubernetes)
- MITRE ATT&CK Enterprise Techniques: T1190 (Exploit Public-Facing Application), T1213.006 (Data from Information Repositories: Databases)
Why these techniques?
SQL injection in the public-facing ArcGIS Feature Service (T1190) enables arbitrary SQL execution against the Enterprise Geodatabase, giving an attacker unauthorized access to the data it holds (T1213.006).