CVE-2025-34522
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-09-09
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arcserve | udp | Up to 7.0 (exc) |
| arcserve | udp | From 8.0 (inc) to 10.2 (exc) |
| arcserve | udp | 7.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap-based buffer overflow in the input parsing logic of Arcserve Unified Data Protection (UDP). The parser does not properly check bounds, so an unauthenticated attacker can send specially crafted input that overwrites heap memory. This can lead to application crashes or remote code execution within the affected process, without requiring user interaction.
How can this vulnerability impact me?
The vulnerability can lead to severe impacts, including application crashes and potentially full remote code execution on the affected system. Because it can be exploited without authentication or user interaction, it poses a high risk of system compromise, which could result in loss of data integrity, availability, and confidentiality.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Arcserve Unified Data Protection (UDP) to version 10.2 or later, as this version includes the necessary patches. If you are running versions 8.0 through 10.1, apply the available patches or upgrade to 10.2. Versions 7.x and earlier are unsupported and must be upgraded to 10.2 to remediate the issue.