Heap-based Buffer Overflow in Arcserve Unified Data Protection
CVE-2025-34522

9.2 CRITICAL

Key Information:

Vendor: Arcserve
CVE Published: 27 August 2025

What is CVE-2025-34522?

Arcserve Unified Data Protection contains a heap-based buffer overflow in its input parsing logic. An unauthorized attacker can send specially crafted input that corrupts heap memory, resulting in application instability or enabling remote code execution. Exploitation requires no user interaction and can occur pre-authentication. All versions prior to 10.2 are affected, while versions 8.0 through 10.1 need urgent patching or upgrading. Version 10.2 incorporates the necessary security fixes.

Affected Version(s)

Unified Data Protection (UDP) 8.0 <= 10.1

Unified Data Protection (UDP) * <= 7.x

Unified Data Protection (UDP) 10.2

CVSS V4

Score: 9.2
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

watchTowr