CVE-2025-34394 PUBLISHED

Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE

Assigner: VulnCheck
Reserved: 15.04.2025 Published: 10.12.2025 Updated: 10.12.2025

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score: 10

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	High
Attack Complexity	Low	Integrity	High	Integrity	High
Attack Requirements	None	Availability	High	Availability	High
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Barracuda Networks
Product	RMM
Versions	Default: unaffected affected from 2025.1 to 2025.1.1 (excl.)

CVE-2025-34394 PUBLISHED

Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE

Metrics

Product Status

Credits

References

Problem Types