cbcvebase.

Barracuda Networks Rmm vulnerabilities

5 known vulnerabilities affecting barracuda_networks/rmm.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2

Vulnerabilities

Page 1 of 1
CVE-2025-34392P2CRITICALCVSS 9.8≥ 2025.1, < 2025.1.12025-12-10
CVE-2025-34392 [CRITICAL] CWE-36 CVE-2025-34392: Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does no Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload.
nvd
CVE-2025-34393P2CRITICALCVSS 9.8≥ 2025.1, < 2025.1.12025-12-10
CVE-2025-34393 [CRITICAL] CWE-470 CVE-2025-34393: Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does no Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types.
nvd
CVE-2025-34394P2CRITICALCVSS 9.8≥ 2025.1, < 2025.1.12025-12-10
CVE-2025-34394 [CRITICAL] CWE-502 CVE-2025-34394: Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.
nvd
CVE-2025-34395P3HIGHCVSS 7.5≥ 2025.1, < 2025.1.12025-12-10
CVE-2025-34395 [HIGH] CWE-22 CVE-2025-34395: Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution by retrieving the .NET machine keys.
nvd
CVE-2026-22676P3HIGHCVSS 7.8fixed in 2025.2.22026-04-15
CVE-2026-22676 [HIGH] CWE-732 CVE-2026-22676: Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows lo Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place attacker-controlled files in this directory, which are then e
nvd
Barracuda Networks Rmm vulnerabilities | cvebase