Start your free trial today.
Protect your organization with cutting-edge cybersecurity solutions designed for resilience and efficiency. Secure your digital assets with confidence.
Your Shield Against Threats
Unleash the Power of Cybersecurity
Boost Your Security, Enhance Your Business
We solve Your Cyber Challenges
Quick Links
Resources
Deepaegis Portals
2025 Deepaegis. All Rights Reserved.

ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded files to non‑executable storage locations and prevent modification or replacement of existing application components or system configurations. Uploaded files cannot be executed, leveraged to escalate privileges, or used to access sensitive data. Because the issue does not enable execution, service disruption, unauthorized access, or integrity compromise, its impact on confidentiality, integrity, and availability is low. No race conditions, secret values, or man‑in‑the‑middle conditions are required for exploitation.
Published
December 31, 2025
Last Modified
February 18, 2026