Arcserve Unified Data Protection (UDP) < 10.2 Multiple Vulnerabilities

Advisories

severity: critical
date: August 28, 2025
Affecting: All UDP versions prior to 10.2
Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2
Versions 7.x and earlier are unsupported and must be upgraded to 10.2
CVE: CVE-2025-34520 CVE-2025-34521 CVE-2025-34522 CVE-2025-34523
CVE type: Authentication Bypass, Cross-Site Scripting (XSS), Heap-Based Buffer Overflow
CVSS: 9.2
CVSS V4 Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: Vendor Advisory
Credit: watchTowr