Heap-Based Buffer Overflow Vulnerability in Arcserve Unified Data Protection
CVE-2025-34523

9.2 CRITICAL

Key Information:

Vendor: Arcserve

CVE Published: 27 August 2025

What is CVE-2025-34523?

A heap-based buffer overflow exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP), where input is improperly checked. By sending crafted data, a remote attacker can corrupt heap memory, potentially leading to denial of service or arbitrary code execution. The vulnerability affects all UDP versions prior to 10.2, can be exploited without authentication, and requires no user interaction. To mitigate the risk, users of versions 8.0 through 10.1 should apply patches or upgrade to version 10.2; versions 7.x and earlier should also be upgraded.

Affected Version(s)

Unified Data Protection (UDP) 8.0 <= 10.1

Unified Data Protection (UDP) * <= 7.x

Unified Data Protection (UDP) 10.2

CVSS V4

Score: 9.2
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

watchTowr