Insecure Reflection Vulnerability in Barracuda Service Center RMM Solution
CVE-2025-34393

10CRITICAL

Key Information:

Vendor

Barracuda Networks

Status
Rmm
Vendor
CVE Published:
10 December 2025

What is CVE-2025-34393?

The Barracuda Service Center in the RMM solution, prior to version 2025.1.1, has a vulnerability that fails to properly validate the name of an attacker-controlled WSDL service. This shortcoming allows for insecure reflection, potentially leading to remote code execution. Attackers could exploit this vulnerability by invoking arbitrary methods or deserializing untrusted types, thereby compromising the affected system.

Affected Version(s)

RMM 2025.1 < 2025.1.1

References

https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_...
vendor-advisorypatch
https://www.barracuda.com/products/msp/network-protection...
product
https://www.vulncheck.com/advisories/barracuda-rmm-servic...
third-party-advisory

CVSS V4

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Piotr Bazydlo of watchTowr
JSON
.
CVE-2025-34393 : Insecure Reflection Vulnerability in Barracuda Service Center RMM Solution