CRITICAL🇵🇱 Wersja polska

CVE-2025-34392

CVSS 10.0v4.0pub. 2025-12-10upd. 2025-12-23

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload.

🤖 AI Analysis
How it works

The application loads a WSDL (Web Services Description Language) file whose URL is controlled by the attacker, without verifying the specified address. The absolute path traversal mechanism (CWE-36) allows the attacker to force the application to write an arbitrary file to a selected location on the server. In practice, this enables uploading a webshell and subsequently executing remote system commands (RCE).

Impact

An attacker can gain full control over the server — write and execute arbitrary code (webshell), leading to RCE without the need for any credentials. It is possible to compromise the entire environment managed by the RMM platform.

Mitigation & patch

Barracuda RMM must be immediately updated to version 2025.1.1 or newer, in which the vendor has removed the described vulnerability. Patch details are available in the vendor's official release notes (Release Notes 2025.1.1).

Who is affected

Barracuda RMM (Barracuda Service Center) in all versions prior to 2025.1.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Barracuda Rmm

    APP
    Barracuda
    < 2025.1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-34393CRITICAL10.0PL ✓ten sam produkt

Barracuda RMM – RCE przez insecure reflection w Service Center

CVE-2025-34394CRITICAL10.0PL ✓ten sam produkt

Barracuda RMM — RCE przez deserializację .NET Remoting w Service Center

CVE-2025-34395HIGH8.7ten sam produkt

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Re...

CVE-2023-2868CRITICAL9.4⚠ KEVten sam vendor

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor...

CVE-2023-7102CRITICAL9.8PL ✓ten sam vendor

Wstrzyknięcie parametrów w Barracuda ESG przez podatną bibliotekę Spreadsheet-ParseExcel