Barracuda RMM < 2025.1.1 Service Center .NET Remoting Path Traversal...

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution by retrieving the .NET machine keys.

AI Analysis

Path traversal vulnerability in Barracuda RMM Service Center allows remote code execution

Basic Information

ID CVE-2025-34395

Source VulnCheck

Published Dec 10, 2025 at 15:45

Modified Dec 10, 2025 at 16:13

Affected Product

Vendor Barracuda Networks

Product RMM

Version 2025.1

Affected Versions Barracuda Networks RMM 2025.1

CWE Classification

CWE-22

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Barracuda Networks

Product Barracuda RMM

Version 2025.1

References

{
    "lastseen": "",
    "description": "Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution by retrieving the .NET machine keys.",
    "published": "2025-12-10T15:45:38.385Z",
    "modified": "2025-12-10T16:13:16.457Z",
    "type": "cve",
    "title": "Barracuda RMM < 2025.1.1 Service Center .NET Remoting Path Traversal RCE",
    "source": "VulnCheck",
    "references": "https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf\nhttps://www.barracuda.com/products/msp/network-protection/rmm\nhttps://www.vulncheck.com/advisories/barracuda-rmm-service-center-net-remoting-path-traversal-rce",
    "id": "CVE-2025-34395",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Barracuda Networks RMM 2025.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RMM",
    "version": "2025.1",
    "vendor": "Barracuda Networks",
    "ai_description": "Path traversal vulnerability in Barracuda RMM Service Center allows remote code execution",
    "ai_severity": "High",
    "ai_vendor": "Barracuda Networks",
    "ai_product": "Barracuda RMM",
    "ai_version": "2025.1",
    "ai_score": 8.7
}

Barracuda RMM < 2025.1.1 Service Center .NET Remoting Path Traversal RCE_CVE-2025-34395