Primary

Context

Barracuda RMM .NET Remoting Deserialization Vulnerability Leading to Remote Code Execution

Vulnerability

A remote code execution vulnerability exists in Barracuda Service Center's RMM solution, in versions prior to 2025.1.1. The issue arises from a .NET Remoting service that inadequately safeguards against the deserialization of arbitrary types.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users are advised to update to Barracuda RMM version 2025.1.1 or later. The HotFix for this update is available at the bottom of the Previous Versions page on Barracuda Campus, but requires a Campus account and login.

Added: Dec 10, 2025, 4:27 PM

Updated: Dec 10, 2025, 4:27 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Barracuda RMM .NET Remoting Deserialization Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating