Arcserve CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Arcserve CVE published 2025-08-27

CVE-2025-34523

A critical heap-based buffer overflow vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated remote attackers to corrupt heap memory via crafted network input. The flaw stems from improper bounds checking in network-facing input handling routines. Successful exploitation may result in denial of service or arbitrary code execution depending on memory layout conditions. No user inter [truncated]

Known exploited Arcserve CVE published 2022-03-25

CVE-2015-4068

CVE-2015-4068 is a directory traversal vulnerability in Arcserve Unified Data Protection (UDP). CISA added it to the Known Exploited Vulnerabilities catalog, which means defenders should treat it as an actively risk-relevant issue and prioritize remediation using vendor guidance.