
Esri has disclosed a critical vulnerability in its ArcGIS Enterprise platform that could allow attackers to hijack built-in administrative accounts through a password reset flaw.
The vulnerability, tracked as CVE-2025-2538, carries a CVSS score of 9.8, marking it as a critical severity issue. It specifically affects certain deployments of Portal for ArcGIS, a core component in the ArcGIS Enterprise ecosystem.
CVE-2025-2538 could allow an attacker to reset the password on the built-in admin account. In environments where this flaw is unpatched, a remote unauthenticated attacker could gain full control over the portal’s administrative functions — enabling system-wide data access, configuration changes, or privilege escalation.
ArcGIS Enterprise supports deployments across Windows, Linux, and Kubernetes environments, and is used in a wide variety of sectors, including:
- Government GIS mapping systems
- Utility and infrastructure management
- Environmental and disaster response platforms
- Private geospatial analytics platforms
Vulnerable versions include Portal for ArcGIS 10.9.1 through 11.4.
Esri released the Portal for ArcGIS Security 2025 Update 1 Patch on February 18, 2025 to resolve this issue. Organizations using affected versions are strongly advised to apply the patch immediately.
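As an added triage example (not Esri's code, and not from the advisory), the helper below flags Portal for ArcGIS instances whose version falls in the stated affected range, 10.9.1 through 11.4 inclusive, and that do not report the Portal for ArcGIS Security 2025 Update 1 Patch as installed. The inventory JSON is constructed for illustration; the `currentVersion` field is assumed to match what a portal's sharing REST root reports, and the `installedPatches` field is an assumed inventory attribute you would populate from your own patch records.

```python
"""Flag Portal for ArcGIS hosts in the CVE-2025-2538 affected range.

Added example, not Esri's code. Affected range and patch name come from the
advisory; the inventory format is constructed, and the currentVersion /
installedPatches fields are assumptions of this example.
"""
import json
import re

# Affected range from the advisory, inclusive on both ends, as 3-tuples.
AFFECTED_MIN = (10, 9, 1)
AFFECTED_MAX = (11, 4, 0)
# Patch name as given in the advisory.
REQUIRED_PATCH = "Portal for ArcGIS Security 2025 Update 1 Patch"


def parse_version(text):
    """Parse '10.9.1', '11.4' or the number 11.4 into a zero-padded 3-tuple.

    Zero-padding makes '11.4' compare equal to '11.4.0', so the upper bound
    of the advisory's range is handled consistently.
    """
    parts = [int(p) for p in re.findall(r"\d+", str(text))][:3]
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected_version(version):
    """True when the version lies within the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def triage(inventory):
    """Return (host, version, status) for each inventory entry.

    Statuses: 'unknown-version' (no version recorded), 'not-affected'
    (outside the stated range; anything above 11.4.0 lands here and should
    be verified against the vendor), 'patched', or 'ACTION-REQUIRED'.
    """
    results = []
    for entry in inventory:
        host = entry["host"]
        version = entry.get("currentVersion")
        if version is None:
            results.append((host, None, "unknown-version"))
        elif not is_affected_version(version):
            results.append((host, version, "not-affected"))
        elif REQUIRED_PATCH in entry.get("installedPatches", []):
            results.append((host, version, "patched"))
        else:
            results.append((host, version, "ACTION-REQUIRED"))
    return results


# Constructed sample inventory (not real hosts). In practice each entry would
# be built from the portal's sharing REST root (assumed to expose
# currentVersion) plus your patch records (assumed installedPatches field).
SAMPLE_INVENTORY_JSON = """
[
  {"host": "portal-a.example.internal", "currentVersion": "11.4",
   "installedPatches": []},
  {"host": "portal-b.example.internal", "currentVersion": "10.9.1",
   "installedPatches": ["Portal for ArcGIS Security 2025 Update 1 Patch"]},
  {"host": "portal-c.example.internal", "currentVersion": "10.9"},
  {"host": "portal-d.example.internal", "currentVersion": "11.5",
   "installedPatches": []},
  {"host": "portal-e.example.internal"}
]
"""


def run_sample():
    """Triage the constructed inventory; used by the stand-alone run below."""
    return triage(json.loads(SAMPLE_INVENTORY_JSON))


if __name__ == "__main__":
    for host, version, status in run_sample():
        print(f"{host:32} {str(version or '?'):8} {status}")
```

Versions are compared as zero-padded integer tuples rather than as strings or floats, so 10.9.1 is correctly placed above 10.9 and 11.4 is not mistaken for 11.40. Hosts with no recorded version are reported separately rather than silently treated as safe.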
ArcGIS Enterprise is the backbone for mapping, analytics, and spatial data management in many mission-critical environments. A breach of the admin account could lead to data tampering, denial-of-service, or even disruption of government services.
In today’s threat landscape, where cyberattacks are increasingly targeting infrastructure and municipal services, securing geospatial platforms like ArcGIS Enterprise is no longer optional.