Remote Code Execution Vulnerability in Barracuda Service Center RMM Solution
CVE-2025-34394

10CRITICAL

Key Information:

Vendor

Barracuda Networks

Status
Rmm
Vendor
CVE Published:
10 December 2025

What is CVE-2025-34394?

The Barracuda Service Center RMM solution prior to version 2025.1.1 contains a vulnerability in its .NET Remoting service that fails to adequately protect against the deserialization of arbitrary types. This flaw presents a significant risk as it allows an attacker to execute arbitrary code on the server, leading to potential unauthorized access and control over affected systems. It is crucial for users to apply the latest updates to mitigate this risk.

Affected Version(s)

RMM 2025.1 < 2025.1.1

References

https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_...
vendor-advisorypatch
https://www.barracuda.com/products/msp/network-protection...
product
https://www.vulncheck.com/advisories/barracuda-rmm-servic...
third-party-advisory

CVSS V4

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Piotr Bazydlo of watchTowr
JSON
.
CVE-2025-34394 : Remote Code Execution Vulnerability in Barracuda Service Center RMM Solution