Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types.
Barracuda Service Center (part of the RMM solution) does not properly validate the WSDL service name provided by the attacker. This flaw (CWE-470 – Use of Externally-Controlled Input to Select Classes or Code) allows for insecure reflection, i.e., dynamic invocation of arbitrary methods or deserialization of untrusted types. A remote unauthenticated attacker, without requiring user interaction, can provide crafted data to the component, leading to arbitrary code execution on the server.
An attacker can gain full control over the system running Barracuda Service Center through remote code execution (RCE) – both by invoking arbitrary methods and deserializing untrusted types. Due to the high impact on confidentiality, integrity, and availability of both the target system and related systems, the consequences of compromise may affect the entire managed infrastructure of MSP clients.
Barracuda RMM must be immediately updated to version 2025.1.1 or later. Detailed patch information is available in the official release notes at: https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf
Barracuda RMM (Barracuda Service Center) in all versions prior to 2025.1.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XBarracuda Rmm
APPBarracuda< 2025.1.1
Related vulnerabilities
Barracuda RMM: path traversal i RCE przez niezweryfikowany URL w WSDL
Barracuda RMM — RCE przez deserializację .NET Remoting w Service Center
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Re...
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor...
Wstrzyknięcie parametrów w Barracuda ESG przez podatną bibliotekę Spreadsheet-ParseExcel