Authentication Bypass Vulnerability in Arcserve Unified Data Protection
CVE-2025-34520

7.7HIGH

Key Information:

Vendor: Arcserve
Status: Unified Data Protection (udp)
Vendor: CVE Published:; 27 August 2025

What is CVE-2025-34520?

This vulnerability in Arcserve Unified Data Protection allows attackers to exploit specific request parameters to bypass authentication mechanisms. As a result, unauthorized users can gain access to protected functionalities and potentially compromise user accounts. All versions prior to 10.2 are impacted, and while version 10.2 includes the necessary security patches, users of versions 8.0 through 10.1 are advised to apply patches or upgrade. Earlier versions (7.x and below) are unsupported and must be upgraded to ensure security.

Affected Version(s)

Unified Data Protection (UDP) 8.0 <= 10.1

Unified Data Protection (UDP) * <= 7.x

Unified Data Protection (UDP) 10.2

References

https://support.arcserve.com/s/article/Important-Security...

vendor-advisorypatch

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 27, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

watchTowr