Home Veritas CVE-2025-27816
Back to Veritas

CVE-2025-27816

Arctera InfoScale - Plugin_Host

Veritas CVSS 9.8 Updated March 10, 2026

Executive Risk Summary

"A vulnerability in the Arctera InfoScale Plugin_Host service allows for insecure deserialization of potentially untrusted messages, which can be exploited by an attacker. Disabling the Plugin_Host service manually can eliminate the vulnerability."

Operational Audit Arsenal

Target Type Service
Target Asset Plugin_Host
Standard Path %windir%\System32
PowerShell 
# 🛠️ Senior Engineer Universal Audit
# Target: Plugin_Host (Service)
$Targets = 'Plugin_Host'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

Disaster Recovery services

Internal Work Notes

Vulnerability in Arctera InfoScale Plugin_Host service, recommend disabling service to mitigate risk

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://www.veritas.com/content/support/en_US/security/ARC25-002

Related Veritas Threats

CVE-2024-28222 CVSS 9.8

NetBackup - BPCD process
CVE-2024-53909 CVSS 9.8

Veritas Enterprise Vault - Server
CVE-2024-53910 CVSS 9.8

Veritas Enterprise Vault - Server
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.