CVE-2025-0020 – ArcGIS OAuth 2.0 API Authentication Privilege Abuse Vulnerability

May 14, 2025

CVE ID : CVE-2025-0020

Published : May 14, 2025, 8:15 a.m. | 35 minutes ago

Description : Violation of Secure Design Principles, Hidden Functionality, Incorrect Provision of Specified Functionality vulnerability in ArcGIS (Authentication) allows Privilege Abuse, Manipulating Hidden Fields, Configuration/Environment Manipulation.

The ArcGIS client_credentials OAuth 2.0 API implementation does not adhere to the RFC/standards; This hidden (known and by-design, but undocumented) functionality enables a requestor (Referred to as client in RFC 6749) to request an, undocumented, custom token expiration from ArcGIS (Referred to as authorization server in RFC 6749).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4520 – Uncanny Automator WordPress Unauthorized Data Modification Vulnerability

Next Article CVE-2024-52290 – LF Edge eKuiper Cross-Site Scripting (XSS)

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

I flew Insta360’s new ‘Antigravity’ drone around Los Angeles, and it was impossible to miss a shot

The $100 open-ear headphones that made me forget about my Shokz

5 quick and simple ways to greatly improve the quality of your headphones

Installing a UPS battery backup saved my work PC – here’s the full story

Maintaining Data Consistency with Laravel Database Transactions

Maintaining Data Consistency with Laravel Database Transactions

Building a Multi-Step Form With Laravel, Livewire, and MongoDB

Inertia Releases a New Form Component

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Take-Two hints at $100 price tag for Grand Theft Auto VI — will it deliver on value?

ChatGPT Go offers GPT-5, image creation, and longer memory — all for $5 (if you’re lucky enough to live where it’s available)

CVE-2025-0020 – ArcGIS OAuth 2.0 API Authentication Privilege Abuse Vulnerability

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Zero Trust + AI: Privacy in the Age of Agentic AI

CVE-2025-34043 – Vacron Network Video Recorder (NVR) Remote Command Injection Vulnerability

CVE-2025-5943 – MicroDicom DICOM Viewer Out-of-Bounds Write Remote Code Execution Vulnerability

CVE-2025-5750 – WOLFBOX Level 2 EV Charger TuyaSvcDevosActivateResultParse Heap Buffer Overflow Remote Code Execution Vulnerability

CVE-2025-47931 – LibreNMS Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2025-53014 – ImageMagick Heap Buffer Overflow Vulnerability

PowerToys Dashboard is Finally Getting a Much-Needed Redesign

Customer Account Takeovers: The Multi-Billion Dollar Problem You Don’t Know About

Google quietly pushes emergency fix for Chrome 0-day as exploit runs wild

CVE-2025-0020 – ArcGIS OAuth 2.0 API Authentication Privilege Abuse Vulnerability

Related Posts