2 matches found
CVE-2025-1067
CVE-2025-1067 describes an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4. A low-privileged user with write access to the local filesystem can place a malicious executable that, when a specific ArcGIS Pro action is performed, may execute with the victim’s privileges. The issue...
CVE-2025-1068
CVE-2025-1068 affects Esri ArcGIS AllSource 1.2 and 1.3 (untrusted search path). A low-privilege attacker with write access to the local file system can plant a malicious executable that executes under the victim’s context when a specific ArcGIS AllSource action is performed. The issue is address...