CVE-2025-34395 PUBLISHED

Barracuda RMM < 2025.1.1 Service Center .NET Remoting Path Traversal RCE

Assigner: VulnCheck
Reserved: 15.04.2025 Published: 10.12.2025 Updated: 10.12.2025

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution by retrieving the .NET machine keys.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.7

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Barracuda Networks
Product	RMM
Versions	Default: unaffected affected from 2025.1 to 2025.1.1 (excl.)

Credits

Piotr Bazydlo of watchTowr finder

References

Problem Types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE