PT-2025-10050 · Veritas · Arctera Infoscale
Published
1999-01-01
·
Updated
2025-06-01
·
CVE-2025-27816
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Arctera InfoScale versions 7.0 through 8.0.2
Description
A vulnerability was discovered where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. The vulnerability is present in the Windows Plugin Host service, which runs on all the servers where InfoScale is installed. This service is used when applications are configured for Disaster Recovery (DR) using the DR wizard.
Recommendations
For Arctera InfoScale versions 7.0 through 8.0.2, disabling the Plugin Host service manually will eliminate the vulnerability.
Fix
RCE
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arctera Infoscale