Critical Security Flaw in Veritas Arctera InfoScale Exposes Enterprises to RCE Attacks
A severe security vulnerability in Veritas’ Arctera InfoScale product line has left enterprise systems susceptible to remote code execution (RCE) attacks, highlighting ongoing risks in disaster recovery (DR) infrastructure.
Vulnerability Details
Tracked as CVE-2025-27816 (CVSS v3.1 score: 9.8), the flaw resides in the Windows Plugin_Host service, a component activated during DR configuration via InfoScale’s GUI-based wizard.
Exploitation allows attackers to bypass authentication and execute arbitrary code by sending maliciously crafted .NET remoting messages to vulnerable endpoints.
Root Cause: Insecure Deserialization
The flaw stems from insecure deserialization (CWE-502) within the Plugin_Host service’s .NET remoting interface.
Deserialization—converting serialized data back into objects—becomes a critical risk when untrusted inputs are processed without validation. In this case, Plugin_Host fails to verify message integrity, allowing attackers to inject and execute malicious payloads.
The affected service runs by default on all Windows servers with Arctera InfoScale installations but is only necessary when managing DR configurations via the wizard. This limits the attack surface to environments using automated DR workflows. If exploited, attackers could gain SYSTEM-level privileges, compromising entire clusters.
Affected Versions & Mitigation
Veritas confirmed that InfoScale Enterprise for Windows versions 7.0 through 8.0.2, as well as legacy, unsupported versions, are vulnerable.
To mitigate risks, administrators should:
- Disable the Plugin_Host service across all cluster nodes.
- Manually configure DR without using the vulnerable component.
Organizations opting for manual DR must follow Veritas’ guidelines to prevent accidental reactivation of the service.
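The two mitigation steps above can be verified and applied from one administrative host. The following is an added example, not code from Veritas or from the advisory; it assumes the Windows service is registered under the name "Plugin_Host" as the article calls it (adjust $ServiceName if the registered name differs), that the node names are constructed placeholders, and that WinRM is enabled on the cluster nodes.

```powershell
# Added example (not from Veritas or the advisory): audit every cluster node for the
# Plugin_Host service and, with -Remediate, stop it and set its start type to Disabled.
# Assumptions: service name "Plugin_Host" (as named in the article), constructed node
# names, and WinRM available for Invoke-Command.
param(
    [string[]]$Nodes = @('INFOSCALE-NODE1', 'INFOSCALE-NODE2'),  # constructed placeholders
    [string]$ServiceName = 'Plugin_Host',
    [switch]$Remediate   # omit to audit only; pass -Remediate to stop and disable
)

$results = Invoke-Command -ComputerName $Nodes -ArgumentList $ServiceName, $Remediate.IsPresent -ScriptBlock {
    param([string]$Name, [bool]$Fix)

    # Win32_Service exposes StartMode and the binary path, which Get-Service does not.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) {
        return [pscustomobject]@{ Node = $env:COMPUTERNAME; Present = $false; State = $null; StartMode = $null; Action = 'none' }
    }

    $action = 'audit'
    if ($Fix) {
        if ($svc.State -eq 'Running') { Stop-Service -Name $Name -Force -ErrorAction Stop }
        # Disabled rather than Manual, so the DR wizard cannot start the service on demand.
        Set-Service -Name $Name -StartupType Disabled
        $action = 'stopped+disabled'
        # Re-read the service record to report the post-change state rather than the cached one.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    }

    [pscustomobject]@{
        Node      = $env:COMPUTERNAME
        Present   = $true
        State     = $svc.State
        StartMode = $svc.StartMode
        Path      = $svc.PathName
        Action    = $action
    }
}

$results | Format-Table Node, Present, State, StartMode, Action -AutoSize

# Flag any node where the service is still running or set to start automatically.
$results | Where-Object { $_.Present -and ($_.StartMode -eq 'Auto' -or $_.State -eq 'Running') } |
    ForEach-Object { Write-Warning "$($_.Node): $ServiceName is $($_.State) with start mode $($_.StartMode)" }
```

Run once without -Remediate to record the baseline, then again with -Remediate; re-running the audit after any DR wizard use catches the accidental reactivation the guidelines warn about.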
Expert Insight
Security researcher Sina Kheirkhah of watchTowr Labs, credited with discovering the flaw, emphasized the dangers of insecure deserialization:
“Developers often underestimate how trivial it is to weaponize gadget chains in .NET environments.”
CVE-2025-27816 demonstrates how outdated technologies can resurface as critical threats in modern infrastructures. Given its high exploitability, organizations must act immediately by disabling vulnerable services and auditing disaster recovery workflows.
As watchTowr’s research highlights, proactive defense—not just patching—is crucial in an era where attackers rapidly weaponize such flaws.