Barracuda RMM Service Center Vulnerability

CRITICAL (9.8) No Patch (13 days)

Threat Intelligence

Low Risk
EPSS Score: 0.46% chance of exploitation (percentile: 63%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The Barracuda RMM (Remote Monitoring and Management) Service Center is a software solution used by some organizations to monitor and manage their remote devices. This vulnerability allows attackers to upload a webshell and execute arbitrary code on the server, potentially leading to data breaches.

Am I affected?

Affected versions: 2025.1.1

If you don't recognise this software, you're probably not affected.

Affected Products

Barracuda / RMM Service Center

How to fix

To fix this vulnerability:

  • Upgrade to Barracuda RMM Service Center version 2025.1.1 or later: https://www.barracuda.com/products/msp/network-protection/rmm
  • Immediate mitigations:
    • Restrict network access to your RMM instance (firewall it from the public internet)
    • Audit admin account activity for suspicious access patterns
    • Monitor for unauthorized token creation