Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.
The vulnerable .NET Remoting service is exposed remotely and does not properly verify the types of deserialized data incoming from the client. An attacker can send a crafted payload containing a malicious .NET object, which after deserialization will be executed in the context of the service process. The lack of authentication requirements (PR:N, UI:N) means that the attack can be carried out by any network user without any victim interaction.
An attacker can obtain full remote code execution (RCE) on the server running Barracuda Service Center, which in practice means the ability to take control of the system managed by the RMM and potentially all end devices managed by it.
Barracuda RMM should be immediately updated to version 2025.1.1 or later, in accordance with the information in the official Release Notes from the vendor. Until the patch is deployed, it is recommended to restrict network access to the .NET Remoting service exclusively to trusted IP addresses using firewall or network segmentation.
Barracuda RMM (Barracuda Service Center) in all versions prior to 2025.1.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XBarracuda Rmm
APPBarracuda< 2025.1.1
Related vulnerabilities
Barracuda RMM: path traversal i RCE przez niezweryfikowany URL w WSDL
Barracuda RMM – RCE przez insecure reflection w Service Center
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Re...
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor...
Wstrzyknięcie parametrów w Barracuda ESG przez podatną bibliotekę Spreadsheet-ParseExcel