CVE-2025-27816

CRITICAL

Arctera InfoScale 7.0-8.0.2 - Open Redirect

Title source: llm

Description

A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. The vulnerability is present in the Windows Plugin_Host service, which runs on all the servers where InfoScale is installed. The service is used only when applications are configured for Disaster Recovery (DR) using the DR wizard. Disabling the Plugin_Host service manually will eliminate the vulnerability.

References (1)

[Various Sources] https://www.veritas.com/content/support/en_US/security/ARC25-002

Scores

CVSS v3 9.8

EPSS 0.0020

EPSS Percentile 41.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status draft

Timeline

Published Mar 07, 2025

Tracked Since Feb 18, 2026