CVE-2025-34394

CriticalPublic PoC

Published: 10 December 2025

Published

10 December 2025

Modified

23 December 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0052 66.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 Flaw Remediation directly mitigates this CVE by requiring timely patching of the .NET Remoting deserialization vulnerability as recommended in the vendor update to version 2025.1.1.

SI-10 Information Input Validation good match

prevent

SI-10 Information Input Validation prevents remote code execution by enforcing validation and sanitization of inputs to the exposed .NET Remoting service, blocking arbitrary type deserialization.

SC-7 Boundary Protection partial match

prevent

SC-7 Boundary Protection limits network access to the vulnerable .NET Remoting service through firewalls or other boundary controls, reducing the attack surface for unauthenticated remote exploitation.

Security SummaryAI

CVE-2025-34394 is a critical vulnerability in Barracuda Service Center, a component of the Barracuda RMM solution, affecting versions prior to 2025.1.1. The issue stems from an exposed .NET Remoting service that lacks sufficient protection against deserialization of arbitrary types, enabling remote code execution (CWE-502). It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility and comprehensive impact.

The vulnerability can be exploited by unauthenticated remote attackers with network access to the affected service. Exploitation requires low complexity and no user interaction, allowing attackers to achieve full remote code execution with high impacts on confidentiality, integrity, and availability.

Advisories recommend updating to Barracuda RMM version 2025.1.1 or later for mitigation, as detailed in the release notes (https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf). Further technical analysis is available in the Vulncheck advisory (https://www.vulncheck.com/advisories/barracuda-rmm-service-center-net-remoting-deserialization-rce) and on the Barracuda RMM product page (https://www.barracuda.com/products/msp/network-protection/rmm).

Details

CWE(s): CWE-502

Affected Products

barracuda

rmm

≤ 2025.1.1

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability is an unauthenticated deserialization flaw in a network-exposed .NET Remoting service in a public-facing application (Barracuda Service Center), directly enabling remote code execution via T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf
Release Notes · disclosure@vulncheck.com
https://www.barracuda.com/products/msp/network-protection/rmm
Product · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/barracuda-rmm-service-center-net-remoting-deserialization-rce
Third Party Advisory · disclosure@vulncheck.com