A critical vulnerability has been detected in Veritas’ Arctera InfoScale product, a widely used solution for disaster recovery and high availability scenarios. The vulnerability stems from the insecure deserialization of untrusted data in the .NET remoting endpoint, which could enable malicious actors to execute harmful code on affected systems. This issue, classified as CVE-2025-27816, carries a severity rating of Critical and a high CVSS v3.1 base score of 9.8.
The impact of this vulnerability extends to various versions of Arctera InfoScale Enterprise for Windows, including 7.0 through 8.0. Versions predating the supported range are also potentially susceptible to this security flaw, raising concerns for users across different iterations of the software.
The root cause of this vulnerability lies in the insecure deserialization of untrusted data in the Plugin_Host service, an integral part of the InfoScale product primarily utilized in disaster recovery configurations facilitated through the DR wizard. Exploiting this vulnerability could empower threat actors to execute arbitrary code on servers, paving the way for significant security breaches within the affected systems.
Servers running the Plugin_Host service are vulnerable to exploitation of this flaw, particularly when applications are configured for disaster recovery. To mitigate the risks associated with this critical vulnerability, users have two primary courses of action.
One approach involves disabling the Veritas Plug-in Host Service (Plugin_Host) on each node within the InfoScale cluster, effectively halting its activity and preventing attackers from leveraging the deserialization vulnerability. Alternatively, users can choose to manually configure disaster recovery applications without relying on the vulnerable service, thereby avoiding exposure to the identified security flaw.
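The first mitigation can be applied and verified across a cluster with a short PowerShell script. This is an added example, not code from Veritas or the original article; the node names are constructed placeholders, and it assumes PowerShell remoting is enabled and that the Windows service name is `Plugin_Host` as the article gives it.

```powershell
# Added example. Node names are constructed placeholders; replace with your cluster nodes.
$Nodes = @('infoscale-node1', 'infoscale-node2')
# Service name as given in the article; assumed to match the Windows service short name.
$ServiceName = 'Plugin_Host'

$results = foreach ($node in $Nodes) {
    try {
        Invoke-Command -ComputerName $node -ErrorAction Stop -ArgumentList $ServiceName -ScriptBlock {
            param($Name)
            $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
            if (-not $svc) {
                # Service not present on this node: nothing to disable.
                return [pscustomobject]@{ Node = $env:COMPUTERNAME; Status = 'NotInstalled'; StartType = 'n/a' }
            }
            # Disable first so nothing can restart it, then stop the running instance.
            Set-Service -Name $Name -StartupType Disabled -ErrorAction Stop
            if ($svc.Status -ne 'Stopped') {
                Stop-Service -Name $Name -Force -ErrorAction Stop
            }
            # Re-query so the report reflects the state after the change.
            $svc = Get-Service -Name $Name
            [pscustomobject]@{
                Node      = $env:COMPUTERNAME
                Status    = $svc.Status.ToString()
                StartType = $svc.StartType.ToString()
            }
        }
    } catch {
        # Unreachable node or failed change: record it so it is not silently skipped.
        [pscustomobject]@{ Node = $node; Status = 'Failed'; StartType = $_.Exception.Message }
    }
}

$results | Select-Object Node, Status, StartType | Format-Table -AutoSize

# A node counts as mitigated only if the service is absent, or stopped AND disabled.
$notMitigated = $results | Where-Object {
    -not ($_.Status -eq 'NotInstalled' -or ($_.Status -eq 'Stopped' -and $_.StartType -eq 'Disabled'))
}
if ($notMitigated) {
    Write-Warning ("Not mitigated: " + (($notMitigated | ForEach-Object { $_.Node }) -join ', '))
    exit 1
}
```

A non-zero exit code means at least one node still has the service running, enabled, or could not be checked, so the script can be used as a recurring compliance check as well as a one-time change.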
Veritas has acknowledged the efforts of Sina Kheirkhah, a security researcher from watchTowr, for responsibly disclosing this vulnerability. This collaborative endeavor underscores the significance of community-driven cybersecurity practices, emphasizing the swift identification and resolution of critical issues within the technology landscape.
Given the considerable risks posed by this vulnerability, it is imperative for organizations utilizing the impacted versions of InfoScale to promptly implement the recommended mitigation strategies to fortify their systems against potential malicious attacks. Proactive measures such as these can significantly enhance the security posture of enterprises and mitigate the potential impact of vulnerabilities within critical software solutions.
In conclusion, the identification of vulnerabilities within essential software solutions underscores the ongoing importance of robust cybersecurity practices and the collaborative efforts of security researchers and software vendors in safeguarding digital ecosystems against malicious threats. By promptly addressing and mitigating vulnerabilities such as the one observed in Veritas’ Arctera InfoScale product, organizations can bolster their resilience to cyber threats and uphold the integrity of their critical IT infrastructure.