Critical vulnerability reported in Veritas Arctera InfoScale
Take action: If you are using Veritas Arctera InfoScale, make sure to isolate the InfoScale cluster and make it accessible only from trusted networks and apply mitigation options. Then stop the Veritas Plug-in Host Service (Plugin_Host) and set its Startup Type to Disabled on each cluster node or set up manual DR configuration. Then check with the vendor for a patch.
Learn More
A critical vulnerability is reported in Veritas' Arctera InfoScale, a solution used for disaster recovery and high availability scenarios. The flaw attackers to execute malicious code on affected systems.
The vulnerability is tracked as CVE-2025-27816 (CVSS score 9.8) and stems from insecure deserialization of potentially untrusted messages in the Plugin_Host service that runs on all servers where InfoScale is installed. This service is only active when applications are configured for Disaster Recovery using the DR wizard.
The vulnerability affects Arctera InfoScale Enterprise for Windows versions:
- 7.0, 7.0.1
- 7.1, 7.2
- 7.3, 7.3.1
- 7.4, 7.4.1, 7.4.2
- 8.0, 8.0.1, 8.0.2
Earlier unsupported versions of Arctera/Veritas InfoScale are also susceptible to this security flaw.
To address this critical vulnerability, users have two primary mitigation options:
- Disable the Service: On each node in the InfoScale cluster, stop the Veritas Plug-in Host Service (Plugin_Host) and set its Startup Type to Disabled. This action prevents attackers from exploiting the deserialization flaw.
- Manual DR Configuration: Alternatively, users can configure disaster recovery applications manually without using the vulnerable component, avoiding reliance on the compromised service.
It's not clear how soon Veritas will issue a patch for this flaw. In the meantime, users are advised to isolate the InfoScale cluster and make it accessible only from trusted networks and apply mitigation options.
