Barracuda RMM < 2025.1.1 Service Center Insecure Reflection RCE

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types.

AI Analysis

Insecure reflection vulnerability in Barracuda RMM Service Center, allowing remote code execution through invocation of arbitrary methods or deserialization of untrusted types.

Basic Information

ID CVE-2025-34393

Source VulnCheck

Published Dec 10, 2025 at 15:45

Modified Dec 10, 2025 at 16:33

Affected Product

Vendor Barracuda Networks

Product RMM

Version 2025.1

Affected Versions Barracuda Networks RMM 2025.1

CWE Classification

CWE-470

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Barracuda Networks

Product Barracuda RMM Service Center

Version 2025.1

References

{
    "lastseen": "",
    "description": "Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types.",
    "published": "2025-12-10T15:45:09.223Z",
    "modified": "2025-12-10T16:33:04.220Z",
    "type": "cve",
    "title": "Barracuda RMM < 2025.1.1 Service Center Insecure Reflection RCE",
    "source": "VulnCheck",
    "references": "https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf\nhttps://www.barracuda.com/products/msp/network-protection/rmm\nhttps://www.vulncheck.com/advisories/barracuda-rmm-service-center-insecure-reflection-rce",
    "id": "CVE-2025-34393",
    "bulletinFamily": "",
    "cwe": [
        "CWE-470"
    ],
    "cvelist": null,
    "sourceData": "Barracuda Networks RMM 2025.1",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RMM",
    "version": "2025.1",
    "vendor": "Barracuda Networks",
    "ai_description": "Insecure reflection vulnerability in Barracuda RMM Service Center, allowing remote code execution through invocation of arbitrary methods or deserialization of untrusted types.",
    "ai_severity": "Critical",
    "ai_vendor": "Barracuda Networks",
    "ai_product": "Barracuda RMM Service Center",
    "ai_version": "2025.1",
    "ai_score": 10
}

Barracuda RMM < 2025.1.1 Service Center Insecure Reflection RCE_CVE-2025-34393