CVE-2025-34393

Critical CVSS: 10.0

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types.

Vendor

Barracuda

Product

Rmm

CWE

CWE-470

Yayın Tarihi

2025-12-10 16:16:24

Güncelleme

2025-12-23 14:39:58

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-470 Rmm CRITICAL Barracuda 2025

Referanslar

https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf https://www.barracuda.com/products/msp/network-protection/rmm https://www.vulncheck.com/advisories/barracuda-rmm-service-center-insecure-reflection-rce

Benzer Kayıtlar

Critical

CVE-2025-34392

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL def…

Critical

CVE-2025-34394

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting ser…

High

CVE-2025-34395

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting ser…

Medium

CVE-2025-8319

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model…