CVE-2025-27816 (CVSS 9.8): Critical Vulnerability in Veritas InfoScale Could Allow RCE

Veritas has issued a critical security advisory regarding a vulnerability in its Arctera InfoScale product that could allow attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-27816 and assigned a CVSS score of 9.8, is caused by insecure deserialization of untrusted data in a .NET remoting endpoint.

The vulnerability exists in the Windows Plugin_Host service, which runs on all servers where InfoScale is installed. This service is used only when applications are configured for Disaster Recovery (DR) using the DR wizard. An attacker could exploit this vulnerability by sending a specially crafted message to the vulnerable endpoint, potentially leading to remote code execution.

The following versions of Arctera InfoScale Enterprise for Windows are affected: 7.0, 7.0.1, 7.1, 7.2, 7.3, 7.3.1, 7.4, 7.4.1, 7.4.2, 8.0, 8.0.1, and 8.0.2. Earlier unsupported versions are also likely vulnerable.

Veritas credits Sina Kheirkhah (@SinSinology) of watchTowr for discovering and reporting this vulnerability.

Veritas recommends taking one of the following actions to mitigate the risk:

Disable the vulnerable service: On each node in the InfoScale cluster, stop the Veritas Plug-in Host Service (Plugin_Host) service and set its Startup Type to Disabled.
Configure DR manually: Alternatively, configure applications for DR manually, without using the vulnerable component. Veritas provides instructions for manual DR configuration in this technote.

Organizations using Veritas InfoScale should take immediate action to mitigate the risk and protect their systems from potential attacks.

Rate this post

Leave a Reply Cancel reply

Website

Related Posts:

Leave a Reply Cancel reply