CVE-2025-67705: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Esri ArcGIS Server
There is a stored cross-site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim's browser.
AI Analysis
Technical Summary
CVE-2025-67705 is a stored cross-site scripting (XSS) vulnerability identified in Esri ArcGIS Server versions 11.4 and earlier, including 10.9.1, running on Windows and Linux. The vulnerability arises from improper neutralization of input during web page generation (CWE-79), allowing an attacker to inject malicious scripts into files stored on the server. These scripts execute in the context of a victim's browser when the malicious content is accessed, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vulnerability is exploitable remotely without requiring authentication, although user interaction is necessary to trigger the malicious script execution. The CVSS 3.1 base score of 6.1 reflects a medium severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), scope changed (S:C), and impacts on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). While no public exploits are currently known, the vulnerability's presence in widely used geospatial server software poses a risk to organizations relying on ArcGIS Server for mapping and spatial data services. The vulnerability could be leveraged to compromise sensitive geospatial data or facilitate further attacks within the victim's network.
Potential Impact
For European organizations, the impact of CVE-2025-67705 can be significant, particularly for entities in government, defense, critical infrastructure, urban planning, and environmental monitoring that depend on Esri ArcGIS Server for geospatial data services. Exploitation could lead to unauthorized disclosure of sensitive spatial data, manipulation of displayed information, or execution of malicious actions in the context of legitimate users. This undermines data confidentiality and integrity, potentially causing operational disruptions or misinformation. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be used to lure victims into triggering the exploit. The compromise of ArcGIS Server environments could also serve as a foothold for attackers to escalate privileges or move laterally within networks. Given the strategic importance of geospatial data in European security and infrastructure, this vulnerability poses a moderate risk that warrants timely mitigation.
Mitigation Recommendations
1. Apply official patches or updates from Esri as soon as they become available to address CVE-2025-67705.
2. Implement strict input validation and output encoding on all user-supplied data to prevent injection of malicious scripts.
3. Restrict file upload capabilities and enforce content-type validation to prevent storage of malicious files.
4. Configure web application firewalls (WAFs) to detect and block XSS payloads targeting ArcGIS Server endpoints.
5. Conduct regular security audits and penetration testing focused on web application vulnerabilities in ArcGIS Server deployments.
6. Educate users about phishing and social engineering risks to reduce the likelihood of triggering stored XSS attacks.
7. Monitor server and application logs for unusual activities or repeated attempts to inject scripts.
8. Segment ArcGIS Server environments from critical internal networks to limit potential lateral movement if compromised.
9. Employ Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers accessing ArcGIS Server content.
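The following is an added illustration of recommendations 2, 3 and 9 above for a generic file-upload and file-listing endpoint; it is not Esri's code and says nothing about how ArcGIS Server itself handles uploads. The content-type allowlist, magic-byte table, HTML-marker heuristic and the listing renderer are all constructed assumptions for the example. It shows the three layers that together close a stored-XSS path through uploaded files: refuse files a browser would render as a page, serve stored files with headers that prevent the browser from treating them as a page, and output-encode any user-supplied metadata before it lands in HTML.

```python
import html
import re

# Constructed allowlist: declared content type -> expected leading magic bytes.
# Assumption for the example; not ArcGIS Server's actual allowlist.
ALLOWED_TYPES = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "application/pdf": b"%PDF-",
}

# Types a browser renders as active content; never accept these as uploads.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}

# Heuristic check on the file body, independent of the declared type.
HTML_MARKER = re.compile(rb"<\s*(script|html|svg|iframe|body)\b", re.IGNORECASE)


def validate_upload(declared_type: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an upload.

    Rejects active content types, types outside the allowlist, files whose
    magic bytes disagree with the declared type, and files whose first 4 KiB
    contain HTML markers regardless of what type was declared.
    """
    declared_type = declared_type.split(";")[0].strip().lower()
    if declared_type in ACTIVE_TYPES:
        return False, "active content type rejected"
    magic = ALLOWED_TYPES.get(declared_type)
    if magic is None:
        return False, "content type not in allowlist"
    if not data.startswith(magic):
        return False, "magic bytes do not match declared type"
    if HTML_MARKER.search(data[:4096]):
        return False, "file body contains HTML markers"
    return True, "ok"


def download_headers(declared_type: str, filename: str) -> dict:
    """Response headers for serving a stored upload.

    nosniff stops the browser from second-guessing the type, attachment keeps
    the file out of the page context, and the CSP neutralises any script that
    still slips through if the file is ever rendered inline.
    """
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)[:100] or "download"
    return {
        "Content-Type": declared_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "Content-Security-Policy": "default-src 'none'; sandbox",
        "Cache-Control": "no-store",
    }


def render_file_listing(entries: list[dict]) -> str:
    """Render user-supplied file metadata into HTML with output encoding.

    html.escape(quote=True) neutralises <, >, &, " and ' so the values can
    only ever appear as text, which is the direct fix for CWE-79.
    """
    rows = []
    for entry in entries:
        name = html.escape(entry["name"], quote=True)
        desc = html.escape(entry.get("description", ""), quote=True)
        rows.append(f"<tr><td>{name}</td><td>{desc}</td></tr>")
    return "<table>" + "".join(rows) + "</table>"


if __name__ == "__main__":
    # Constructed sample inputs.
    ok, why = validate_upload("image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    print("png upload:", ok, why)
    ok, why = validate_upload("image/svg+xml", b"<svg></svg>")
    print("svg upload:", ok, why)
    print(download_headers("image/png", "site plan; v2.png"))
    print(render_file_listing([{"name": "<b>plan</b>", "description": 'q"uote'}]))
```

The magic-byte and HTML-marker checks are deliberately conservative: a file that declares itself as an image but starts with markup is rejected even though the image decoder might tolerate it, because the point is to deny the browser any chance of interpreting the stored bytes as a document.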
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Esri
- Date Reserved: 2025-12-10T17:22:04.790Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6955a3a5db813ff03e04e49e
Added to database: 12/31/2025, 10:28:53 PM
Last enriched: 1/7/2026, 11:37:28 PM
Last updated: 1/8/2026, 6:25:05 AM