Unrated severityNVD Advisory· Published Dec 10, 2025· Updated Mar 5, 2026

Barracuda RMM < 2025.1.1 Service Center Insecure Reflection RCE

CVE-2025-34393

Description

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types.

Affected products

Microfocus/Service Center Serverllm-fuzzy
Range: <2025.1.1
Barracuda Networks/RMMv5
Range: 2025.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdfmitrevendor-advisorypatch
www.vulncheck.com/advisories/barracuda-rmm-service-center-insecure-reflection-rcemitrethird-party-advisory
www.barracuda.com/products/msp/network-protection/rmmmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000