CVE-2025-34393

UNKNOWN 0.0

Barracuda RMM < 2025.1.1 Service Center Insecure Reflection RCE

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types.

CWE	CWE-470
Vendor	barracuda networks
Product	rmm
Published	Dec 10, 2025
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for barracuda networks rmm

Be the first to know when new unknown vulnerabilities affecting barracuda networks rmm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Barracuda Networks / RMM

2025.1 < 2025.1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

download.mw-rmm.barracudamsp.com: https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf barracuda.com: https://www.barracuda.com/products/msp/network-protection/rmm vulncheck.com: https://www.vulncheck.com/advisories/barracuda-rmm-service-center-insecure-reflection-rce

Credits

Piotr Bazydlo of watchTowr