CVE-2025-27816 | InfoScale - Plugin_Host Operational Intel

Executive Risk Summary

"A vulnerability in the Arctera InfoScale 7.0 through 8.0.2 allows for insecure deserialization of potentially untrusted messages via a .NET remoting endpoint, which can be exploited by attackers. Disabling the Plugin_Host service manually can eliminate the vulnerability."

Operational Audit Arsenal

Target Type Service

Target Asset Plugin_Host

Standard Path All servers where InfoScale is installed

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: Plugin_Host (Service)
$Target = "Plugin_Host"
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Filter $Target -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Unknown

Service Disruption

Low to Medium

Internal Work Notes

Recommend disabling the Plugin_Host service until a patch is available, as this service is only used when applications are configured for Disaster Recovery (DR) using the DR wizard.

Intelligence Sources

Official Advisory https://www.veritas.com/content/support/en_US/security/ARC25-002

Scope of Impact

Original NVD Description

"A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. The vulnerability is present in the Windows Plugin_Host service, which runs on all the servers where InfoScale is installed. The service is used only when applications are configured for Disaster Recovery (DR) using the DR wizard. Disabling the Plugin_Host service manually will eliminate the vulnerability."

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.