PT-2025-34946 · Arcserve · Arcserve Unified Data Protection
Watchtowr · Published 2025-08-27 · Updated 2026-03-01 · CVE-2025-34520
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Arcserve Unified Data Protection (UDP) versions prior to 10.2
Arcserve Unified Data Protection (UDP) versions 8.0 through 10.1
Arcserve Unified Data Protection (UDP) versions 7.x and earlier
Description:
An authentication bypass in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. Attackers can bypass login mechanisms without valid credentials and access administrator-level features by manipulating request parameters or exploiting a logic flaw.
Recommendations:
Upgrade to Arcserve Unified Data Protection (UDP) version 10.2.
Apply the available patch for Arcserve Unified Data Protection (UDP) versions 8.0 through 10.1.
Upgrade to Arcserve Unified Data Protection (UDP) version 10.2 from versions 7.x and earlier.
Weakness Enumeration:
Authentication Bypass Using an Alternate Path or Channel
Affected Products:
Arcserve Unified Data Protection