Barracuda RMM .NET Remoting Path Traversal Vulnerability Leading to Remote Code Execution
Vulnerability
A vulnerability exists in Barracuda Service Center's Remote Monitoring and Management (RMM) solution, in versions prior to 2025.1.1. The issue arises from the exposure of a .NET Remoting service that allows an unauthenticated attacker to invoke a method susceptible to path traversal, enabling the reading of arbitrary files. This vulnerability can be escalated to remote code execution by accessing the .NET machine keys.
Impact
Exploitation of this vulnerability allows for unauthorized file access through path traversal, which can be leveraged to execute arbitrary code remotely by retrieving the .NET machine keys.
Remediation
Users are advised to update to Barracuda RMM version 2025.1.1 or later. The HotFix download package is available on the Barracuda Campus, at the bottom of the Previous Versions page.
