CVE-2025-27816
First published: Fri Mar 07 2025(Updated: )
A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. The vulnerability is present in the Windows Plugin_Host service, which runs on all the servers where InfoScale is installed. The service is used only when applications are configured for Disaster Recovery (DR) using the DR wizard. Disabling the Plugin_Host service manually will eliminate the vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Veritas InfoScale | >=7.0<=8.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-27816?
The severity of CVE-2025-27816 is classified as high due to the potential for remote exploitation.
How do I fix CVE-2025-27816?
To fix CVE-2025-27816, upgrade your Arctera InfoScale software to version 8.0.3 or later.
What systems are affected by CVE-2025-27816?
CVE-2025-27816 affects Arctera InfoScale versions 7.0 through 8.0.2.
What type of vulnerability is CVE-2025-27816?
CVE-2025-27816 is an insecure deserialization vulnerability that can be exploited through a .NET remoting endpoint.
What can an attacker do with CVE-2025-27816?
An attacker can exploit CVE-2025-27816 to execute arbitrary code on affected systems via crafted messages.
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/description
- agent/type
- agent/references
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/author
- agent/severity
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/weakness
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/arctera
- canonical/veritas infoscale