QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34395

Published: Dec 10, 2025

Modified: May 14, 2026

PUBLISHED

Description

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution by retrieving the .NET machine keys.

Vendor	Product	Versions
Barracuda Networks	RMM	affected `2025.1 - < 2025.1.1`

Weaknesses (CWE)

References

https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf

vendor-advisory

patch

https://www.barracuda.com/products/msp/network-protection/rmm

product

https://www.vulncheck.com/advisories/barracuda-rmm-service-center-net-remoting-path-traversal-rce

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.