Veritas’ Arctera InfoScale Enterprise for Windows, versions 7.0 through 8.0.2, has been found vulnerable to CVE-2025-27816, allowing remote code execution due to insecure deserialization within the .NET remoting interface. The vulnerability could enable attackers to bypass authentication and execute arbitrary code with SYSTEM-level privileges on affected Windows servers, thus compromising enterprise systems used for disaster recovery workflows. The flaw has a high CVSS score of 9.8, indicating severe exploitability. Organizations are advised to disable the Plugin_Host service or manually configure disaster recovery without the vulnerable component to mitigate risks.
Source: https://cybersecuritynews.com/critical-veritas-vulnerability/
"id": "ver1006031125",
"linkid": "veritas-ag",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"