Veritas Arctera InfoScale Critical Vulnerability (CVE-2025-27816)
CVE number = CVE-2025-27816 it also has a high CVSS v3.1 base score of 9.8.
A critical vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages.
The issue lies in the insecure deserialization of untrusted data in the .NET remoting endpoint, allowing attackers to execute malicious code on affected systems.
The vulnerability is present in the Windows Plugin_Host service, which runs on all the servers where InfoScale is installed.
The service is used only when applications are configured for Disaster Recovery (DR) using the DR wizard.
Disabling the Plugin_Host service manually will eliminate the vulnerability.
Further details – https://www.veritas.com/content/support/en_US/security/ARC25-002
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.