CVE-2025-55103: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Esri Portal for ArcGIS Enterprise Sites
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which, when loaded, could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
AI Analysis
Technical Summary
CVE-2025-55103 is a stored Cross-site Scripting (XSS) vulnerability identified in Esri Portal for ArcGIS Enterprise Sites, specifically affecting versions 10.9.1 through 11.4. This vulnerability arises due to improper neutralization of input during web page generation (CWE-79), allowing an authenticated attacker with high privileges to inject malicious files containing embedded JavaScript code. When a victim loads the infected file, the malicious script executes in their browser context. The attack requires high-level privileges and user interaction (loading the malicious file). Successful exploitation could disclose privileged tokens, potentially enabling the attacker to escalate control and gain full administrative access to the Portal environment. The vulnerability has a CVSS 3.1 base score of 4.8 (medium severity), reflecting network attack vector, low attack complexity, high privileges required, and user interaction needed. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability affects a critical component used for enterprise geographic information system (GIS) portal services, which are often integral to organizational infrastructure for spatial data management and sharing.
Potential Impact
For European organizations, the impact of this vulnerability could be significant, especially for those relying on Esri Portal for ArcGIS Enterprise Sites for critical GIS operations, urban planning, environmental monitoring, and infrastructure management. Exploitation could lead to unauthorized disclosure of sensitive spatial data, manipulation of GIS content, and potential takeover of the portal, undermining data integrity and availability. The exposure of privileged tokens could facilitate lateral movement within the network, increasing the risk of broader compromise. Given the reliance on GIS data for public safety, transportation, and utilities management in Europe, disruption or manipulation could have cascading effects on operational continuity and decision-making. Additionally, regulatory frameworks such as GDPR impose strict data protection requirements, and a breach involving sensitive data could result in legal and financial repercussions.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Immediately review and restrict high-privilege access to the Portal, ensuring only necessary personnel have such rights.
2) Implement strict input validation and sanitization controls on all user-uploaded files and content within the Portal environment.
3) Monitor and audit Portal logs for unusual file uploads or script execution attempts.
4) Educate users with high privileges about the risks of loading untrusted files and enforce policies to avoid opening suspicious content.
5) Apply any available vendor patches or updates as soon as they are released by Esri.
6) Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block XSS payloads targeting the Portal.
7) Conduct regular security assessments and penetration testing focused on the Portal to identify and remediate similar input validation issues proactively.
8) Employ network segmentation to limit the Portal’s access to critical backend systems, reducing potential lateral movement if compromised.
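The validation of uploaded files called for in recommendation 2 can be sketched as a pre-publication scan for active content. This is an added example, not Esri's code or part of the advisory; it assumes uploads are markup-style text files (HTML, SVG, XML), which the advisory does not specify, and `scan_upload` and the pattern names are hypothetical.

```python
import html
import re

# Checked on the raw text: element and attribute names are not entity-decoded.
TAG_PATTERNS = {
    "script element": re.compile(r"<\s*script\b", re.I),
    "event-handler attribute": re.compile(r"<[^>]*[\s/]on[a-z]+\s*=", re.I),
    "embedding element": re.compile(r"<\s*(iframe|object|embed|foreignobject)\b", re.I),
}
# Checked on a decoded view: browsers entity-decode attribute values and drop
# tab/newline characters before parsing a URL scheme.
URI_PATTERNS = {
    "javascript: URI": re.compile(r"javascript\s*:", re.I),
    "data:text/html URI": re.compile(r"data\s*:\s*text/html", re.I),
}


def decode_upload(data: bytes) -> str:
    """Decode upload bytes, honouring a UTF-16 or UTF-8 byte-order mark."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8-sig", errors="replace")


def scan_upload(data: bytes) -> list[str]:
    """Return the names of active-content patterns found in an uploaded file."""
    raw = decode_upload(data)
    uri_view = re.sub(r"[\t\r\n\x00]", "", html.unescape(raw))
    findings = [name for name, pat in TAG_PATTERNS.items() if pat.search(raw)]
    findings += [name for name, pat in URI_PATTERNS.items() if pat.search(uri_view)]
    return findings


if __name__ == "__main__":
    # Constructed sample uploads, not taken from the advisory.
    samples = {
        "plain.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>',
        "handler.svg": b'<svg onload="alert(1)"></svg>',
        "encoded.html": b'<a href="java&Tab;script&colon;alert(1)">x</a>',
        "escaped.html": b"<p>&lt;script&gt; is shown as text</p>",
    }
    for name, body in samples.items():
        print(name, scan_upload(body) or "clean")
```

A non-empty result is a reason to quarantine the file for review before it is published; the patterns err toward flagging, so expect some false positives on legitimate content.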
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden, Poland, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Esri
- Date Reserved: 2025-08-06T23:18:36.508Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68a77460ad5a09ad00179dcb
Added to database: 8/21/2025, 7:32:48 PM
Last enriched: 9/9/2025, 9:24:00 PM
Last updated: 10/7/2025, 1:50:06 PM