Path Traversal Vulnerability in Barracuda Service Center RMM Solution
CVE-2025-34395

8.7HIGH

Key Information:

Vendor

Barracuda Networks

Status
Rmm
Vendor
CVE Published:
10 December 2025

What is CVE-2025-34395?

The Barracuda Service Center RMM solution is susceptible to a path traversal vulnerability due to its exposure of a .NET Remoting service. An unauthenticated attacker can exploit this vulnerability to invoke sensitive methods, potentially allowing them to read arbitrary files on the server. This exposure can be further escalated to remote code execution by retrieving the .NET machine keys, posing a significant security risk for affected systems. Organizations using the affected versions are strongly advised to apply the latest patches to mitigate potential threats.

Affected Version(s)

RMM 2025.1 < 2025.1.1

References

https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_...
vendor-advisorypatch
https://www.barracuda.com/products/msp/network-protection...
product
https://www.vulncheck.com/advisories/barracuda-rmm-servic...
third-party-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Piotr Bazydlo of watchTowr
JSON
.
CVE-2025-34395 : Path Traversal Vulnerability in Barracuda Service Center RMM Solution