Insights

A critical security vulnerability, identified as CVE-2025-2538, has been discovered in specific deployments of Esri's ArcGIS Enterprise. This flaw resides in the Password Recovery feature of the Portal component and could allow unauthorized attackers to reset the password of the built-in admin account, leading to potential unauthorized access and data compromise.​ Vulnerability Details The vulnerability affects the following versions of Portal for ArcGIS on Windows: 10.9.1​ 11.1​ 11.2 This issue has been assigned a CVSS v3.1 score of 9.8 (Critical), indicating its high severity. The vulnerability stems from the use of hard-coded credentials (CWE-798), which can be exploited over a network without requiring authentication. Recommended Actions Esri has released the "Portal for ArcGIS Security 2025 Update 1 Patch" to address this vulnerability. It is imperative for organizations utilizing the affected versions to apply this patch immediately to mitigate potential risks. Additional Recommendations Review Access Logs: Examine system logs for any…

Critical Path Security, a leader in cutting-edge cybersecurity solutions, proudly announces its continued support and sponsorship of NASCAR driver Ryan Vargas as he competes in the prestigious NASCAR Canada Series for the 2025 season. After an exhilarating partnership in the NASCAR Whelen Euro Series in 2024, Critical Path Security is expanding its commitment, accompanying Vargas as he returns to North America to race in Canada's premier stock car racing series. This season-long sponsorship underscores the shared values of innovation, perseverance, and the relentless pursuit of excellence that define both Critical Path Security and Ryan Vargas. Patrick Kelley, CEO of Critical Path Security, expressed enthusiasm for the expanded relationship: "Our journey with Ryan Vargas in Europe was nothing short of extraordinary, and we're excited to continue this partnership closer to home. Ryan embodies resilience, skill, and the competitive spirit that aligns perfectly with our company's mission and values. Sponsoring him in…

We're thrilled to announce our continued commitment to the information security community by sponsoring Mental Health Hackers as our first official partnership for 2025! Mental Health Hackers is an incredible organization dedicated to promoting mental wellness, resilience, and support within the cybersecurity community. Their impactful initiatives directly align with our core values at Critical Path Security, reinforcing our dedication not only to digital safety but to the well-being of those who tirelessly protect our digital infrastructures. Patrick Kelley, CEO of Critical Path Security, shares his enthusiasm for this partnership: "Partnering with Mental Health Hackers is more than just sponsorship-it's a statement about who we are and what we stand for at Critical Path Security. Mental wellness is foundational to resilience in cybersecurity. We're proud to support an organization making a real difference, empowering professionals to prioritize their mental health and build stronger, healthier communities." We look forward to a remarkable…