CVE-2025-34523
Modified Modified - Updated After Analysis
BaseFortify

Publication date: 2025-08-27

Last updated on: 2026-05-26

Assigner: VulnCheck

Description
A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. By sending specially crafted data, a remote attacker can corrupt heap memory, potentially causing a denial of service or enabling arbitrary code execution depending on the memory layout and exploitation techniques used. This vulnerability is similar in nature to CVE-2025-34522 but affects a separate code path or component. No user interaction is required, and exploitation occurs in the context of the vulnerable process. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-27
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2025-08-28
EPSS Evaluated
2026-06-14
NVD
CVE-2025-34523
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
arcserve udp to 7.0 (exc)
arcserve udp From 8.0 (inc) to 10.2 (exc)
arcserve udp 7.0
arcserve udp 7.0
arcserve udp 7.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a heap-based buffer overflow in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). It occurs due to improper bounds checking when processing attacker-controlled input, allowing a remote attacker to send specially crafted data that corrupts heap memory. This can lead to denial of service or arbitrary code execution without requiring authentication or user interaction.

Impact Analysis

The vulnerability can impact you by allowing a remote attacker to cause a denial of service or execute arbitrary code on the affected system. This could disrupt your data protection services or allow an attacker to take control of the vulnerable process, potentially compromising system integrity and availability.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Arcserve Unified Data Protection (UDP) to version 10.2 or later, as this version includes the necessary patches. If you are running versions 8.0 through 10.1, apply the patch or upgrade to 10.2. Versions 7.x and earlier are unsupported and must be upgraded to 10.2 to remediate the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34523. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart