CVE-2025-55107 is a stored Cross-site Scripting (XSS) vulnerability identified in Esri Portal for ArcGIS Enterprise Sites, specifically affecting versions 10.9.1 through 11.4. This vulnerability arises from improper neutralization of input during web page generation (CWE-79), allowing a remote attacker with high privileges and authenticated access to inject malicious files containing embedded JavaScript code. When these files are loaded by a victim, the malicious script executes in the context of the victim's browser. The attack requires the attacker to have high-level privileges within the Portal, which implies that the attacker must already have significant access to the system. Successful exploitation could lead to disclosure of privileged tokens, potentially enabling the attacker to escalate their control and gain full administrative access to the Portal environment. The vulnerability has a CVSS v3.1 base score of 4.8 (medium severity), reflecting that while the attack vector is network-based and requires low attack complexity, it demands high privileges and user interaction. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability affects a critical component used for enterprise geographic information system (GIS) management and collaboration, which is often integrated into broader organizational IT infrastructure.

For European organizations, the impact of this vulnerability can be significant, especially for entities relying on Esri Portal for ArcGIS Enterprise Sites for critical GIS operations such as urban planning, environmental monitoring, utilities management, and defense. Exploitation could lead to unauthorized disclosure of sensitive geographic data and administrative tokens, resulting in potential data breaches, manipulation of GIS data, and disruption of services dependent on accurate spatial information. The ability to execute arbitrary JavaScript in users' browsers could also facilitate further attacks such as session hijacking, credential theft, or lateral movement within the network. Given the high privileges required, the threat is more pronounced in environments where internal threat actors or compromised accounts exist. The vulnerability could undermine trust in GIS data integrity and availability, impacting decision-making processes and operational continuity in sectors critical to European infrastructure and governance.

To mitigate this vulnerability effectively, European organizations should: 1) Immediately review and restrict high-privilege accounts to minimize the risk of credential compromise. 2) Implement strict input validation and sanitization controls on all user-uploaded files and content within the Portal environment, even beyond vendor patches. 3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers accessing the Portal. 4) Monitor logs and user activity for unusual file uploads or access patterns indicative of attempted exploitation. 5) Segment the Portal infrastructure from other critical systems to contain potential breaches. 6) Apply vendor patches promptly once released, and maintain up-to-date software versions. 7) Conduct regular security awareness training for administrators and users with elevated privileges to recognize phishing or social engineering attempts that could lead to account compromise. 8) Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block suspicious script injections targeting the Portal.