Critical Vulnerability in Esri ArcGIS Enterprise: Immediate Action Required

A critical security vulnerability, identified as CVE-2025-2538, has been discovered in specific deployments of Esri's ArcGIS Enterprise. This flaw resides in the Password Recovery feature of the Portal component and could allow unauthorized attackers to reset the password of the built-in admin account, leading to potential unauthorized access and data compromise.​ Vulnerability Details The vulnerability affects the following versions of Portal for ArcGIS on Windows: 10.9.1​ 11.1​ 11.2 This issue has been assigned a CVSS v3.1 score of 9.8 (Critical), indicating its high severity. The vulnerability stems from the use of hard-coded credentials (CWE-798), which can be exploited over a network without requiring authentication. Recommended Actions Esri has released the "Portal for ArcGIS Security 2025 Update 1 Patch" to address this vulnerability. It is imperative for organizations utilizing the affected versions to apply this patch immediately to mitigate potential risks. Additional Recommendations Review Access Logs: Examine system logs for any…

0 Comments

Critical Path Security Announces Sponsorship of Ryan Vargas for the 2025 NASCAR Canada Series

Critical Path Security, a leader in cutting-edge cybersecurity solutions, proudly announces its continued support and sponsorship of NASCAR driver Ryan Vargas as he competes in the prestigious NASCAR Canada Series for the 2025 season. After an exhilarating partnership in the NASCAR Whelen Euro Series in 2024, Critical Path Security is expanding its commitment, accompanying Vargas as he returns to North America to race in Canada's premier stock car racing series. This season-long sponsorship underscores the shared values of innovation, perseverance, and the relentless pursuit of excellence that define both Critical Path Security and Ryan Vargas. Patrick Kelley, CEO of Critical Path Security, expressed enthusiasm for the expanded relationship: "Our journey with Ryan Vargas in Europe was nothing short of extraordinary, and we're excited to continue this partnership closer to home. Ryan embodies resilience, skill, and the competitive spirit that aligns perfectly with our company's mission and values. Sponsoring him in…

0 Comments

Critical Path Security Partners With Mental Health Hackers

We're thrilled to announce our continued commitment to the information security community by sponsoring Mental Health Hackers as our first official partnership for 2025! Mental Health Hackers is an incredible organization dedicated to promoting mental wellness, resilience, and support within the cybersecurity community. Their impactful initiatives directly align with our core values at Critical Path Security, reinforcing our dedication not only to digital safety but to the well-being of those who tirelessly protect our digital infrastructures. Patrick Kelley, CEO of Critical Path Security, shares his enthusiasm for this partnership: "Partnering with Mental Health Hackers is more than just sponsorship-it's a statement about who we are and what we stand for at Critical Path Security. Mental wellness is foundational to resilience in cybersecurity. We're proud to support an organization making a real difference, empowering professionals to prioritize their mental health and build stronger, healthier communities." We look forward to a remarkable…

0 Comments

Léargas Security & Critical Path Security at CGA Energy Summit 2025

Ottawa, Ontario | March 24-27, 2025 Léargas Security and Critical Path Security are headed to the CGA Energy Summit in Ottawa, Ontario! Our own Patrick Kelley and Ben Estephan will be on-site, engaging with attendees to discuss two critical topics at the intersection of energy, cybersecurity, and mental health. While not speaking this time, Patrick and Ben will be available throughout the event to meet with industry leaders, energy professionals, and security experts to address some of the most pressing challenges in the field. 🔹 Cybersecurity in Energy Infrastructure - As cyber threats continue to evolve, we'll be exchanging insights on how organizations can strengthen their defenses, improve visibility, and implement actionable strategies to protect critical energy assets. 🔹 Mental Health in High-Stakes Industries - The cybersecurity and energy sectors both demand constant vigilance and resilience. We'll be discussing the importance of mental health, stress management, and work-life balance in…

0 Comments