Critical Vulnerability in Esri ArcGIS Enterprise: Immediate Action Required

A critical security vulnerability, identified as CVE-2025-2538, has been discovered in specific deployments of Esri's ArcGIS Enterprise. This flaw resides in the Password Recovery feature of the Portal component and could allow unauthorized attackers to reset the password of the built-in admin account, leading to potential unauthorized access and data compromise.

Vulnerability Details

The vulnerability affects the following versions of Portal for ArcGIS on Windows: 10.9.1, 11.1 and 11.2. This issue has been assigned a CVSS v3.1 score of 9.8 (Critical), indicating its high severity. The vulnerability stems from the use of hard-coded credentials (CWE-798), which can be exploited over a network without requiring authentication.

Recommended Actions

Esri has released the "Portal for ArcGIS Security 2025 Update 1 Patch" to address this vulnerability. It is imperative for organizations utilizing the affected versions to apply this patch immediately to mitigate potential risks.

Additional Recommendations

Review Access Logs: Examine system logs for any…


Critical Path Security Announces Sponsorship of Ryan Vargas for the 2025 NASCAR Canada Series

Critical Path Security, a leader in cutting-edge cybersecurity solutions, proudly announces its continued support and sponsorship of NASCAR driver Ryan Vargas as he competes in the prestigious NASCAR Canada Series for the 2025 season. After an exhilarating partnership in the NASCAR Whelen Euro Series in 2024, Critical Path Security is expanding its commitment, accompanying Vargas as he returns to North America to race in Canada's premier stock car racing series. This season-long sponsorship underscores the shared values of innovation, perseverance, and the relentless pursuit of excellence that define both Critical Path Security and Ryan Vargas. Patrick Kelley, CEO of Critical Path Security, expressed enthusiasm for the expanded relationship: "Our journey with Ryan Vargas in Europe was nothing short of extraordinary, and we're excited to continue this partnership closer to home. Ryan embodies resilience, skill, and the competitive spirit that aligns perfectly with our company's mission and values. Sponsoring him in…


Critical Path Security Partners With Mental Health Hackers

We're thrilled to announce our continued commitment to the information security community by sponsoring Mental Health Hackers as our first official partnership for 2025! Mental Health Hackers is an incredible organization dedicated to promoting mental wellness, resilience, and support within the cybersecurity community. Their impactful initiatives directly align with our core values at Critical Path Security, reinforcing our dedication not only to digital safety but to the well-being of those who tirelessly protect our digital infrastructures. Patrick Kelley, CEO of Critical Path Security, shares his enthusiasm for this partnership: "Partnering with Mental Health Hackers is more than just sponsorship - it's a statement about who we are and what we stand for at Critical Path Security. Mental wellness is foundational to resilience in cybersecurity. We're proud to support an organization making a real difference, empowering professionals to prioritize their mental health and build stronger, healthier communities." We look forward to a remarkable…


Patrick Kelley, Founder and CEO, to Keynote Georgia EMC Technology Association Spring Meeting

Leargas Security and Critical Path Security are proud to announce our founder and CEO, Patrick Kelley, will deliver the keynote presentation at the Georgia EMC Technology Association Spring Meeting, April 16-18, at the scenic Brasstown Valley Resort. Patrick will speak on "Mental Health in Cooperatives: Balancing the Scales," addressing the critical challenges of burnout and imposter syndrome faced by cybersecurity professionals within electric cooperatives. At Leargas Security and Critical Path Security, we deeply understand the intense pressure cybersecurity teams experience, often understaffed, overwhelmed, and managing multiple roles simultaneously. Patrick's keynote will offer candid insights into these struggles and discuss strategies to foster resilience, improve mental health, and strengthen overall cybersecurity practices within cooperatives. We look forward to meaningful discussions that promote awareness, support well-being, and enhance cyber resilience in our industry. Special thanks to the Georgia EMC Technology Association for hosting this important event and to Brasstown Valley Resort for providing…
