ArcGIS Hidden Functionality Allows Insecure OAuth 2.0 Based Authentication – CVE-2025-0020 VSL-2025-21 – Full Disclosure

Posted by CVE – VULSec Labs via Fulldisclosure on May 16
=== SUMMARY ===
Vendor: ArcGIS
Product: ArcGIS
Subject: ArcGIS Hidden Functionality Allows Insecure OAuth 2.0 Based Authentication – CVE-2025-0020 VSL-2025-21
CVSS: 7.9 (high) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/U:Amber
Credit: Erez Kalman
Author: VULSec Labs
Date: 2025-05-14
=== DETAILS ===
CWE/CAPEC: Violation of Secure Design Principles, Hidden Functionality, Incorrect Provision of Specified Functionality…