CVE-2025-34520
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-09-09
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arcserve | udp | to 7.0 (exc) |
| arcserve | udp | From 8.0 (inc) to 10.2 (exc) |
| arcserve | udp | 7.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authentication bypass in Arcserve Unified Data Protection (UDP) versions prior to 10.2. It allows unauthenticated attackers to bypass login mechanisms by manipulating request parameters or exploiting a logic flaw, granting them unauthorized access to protected functionality or user accounts, including administrator-level features.
How can this vulnerability impact me?
The vulnerability can allow attackers to gain unauthorized access to administrator-level features without valid credentials, potentially leading to unauthorized data access, modification, or disruption of backup and data protection services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately upgrade Arcserve Unified Data Protection (UDP) to version 10.2, which includes the necessary patches. If upgrading is not possible, apply the available patches for versions 8.0 through 10.1. Versions 7.x and earlier are unsupported and must be upgraded to 10.2 to remediate the issue.