Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.

AI Analysis

Remote code execution vulnerability in Barracuda RMM Service Center due to insufficient protection of .NET Remoting service against deserialization of arbitrary types

Basic Information

ID CVE-2025-34394

Source VulnCheck

Published Dec 10, 2025 at 15:45

Modified Dec 10, 2025 at 16:27

Affected Product

Vendor Barracuda Networks

Product RMM

Version 2025.1

Affected Versions Barracuda Networks RMM 2025.1

CWE Classification

CWE-502

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Barracuda Networks

Product Barracuda RMM

Version 2025.1

References

{
    "lastseen": "",
    "description": "Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.",
    "published": "2025-12-10T15:45:24.092Z",
    "modified": "2025-12-10T16:27:04.782Z",
    "type": "cve",
    "title": "Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE",
    "source": "VulnCheck",
    "references": "https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf\nhttps://www.barracuda.com/products/msp/network-protection/rmm\nhttps://www.vulncheck.com/advisories/barracuda-rmm-service-center-net-remoting-deserialization-rce",
    "id": "CVE-2025-34394",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "Barracuda Networks RMM 2025.1",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RMM",
    "version": "2025.1",
    "vendor": "Barracuda Networks",
    "ai_description": "Remote code execution vulnerability in Barracuda RMM Service Center due to insufficient protection of .NET Remoting service against deserialization of arbitrary types",
    "ai_severity": "Critical",
    "ai_vendor": "Barracuda Networks",
    "ai_product": "Barracuda RMM",
    "ai_version": "2025.1",
    "ai_score": 10
}

Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE_CVE-2025-34394