Barracuda RMM Service Center Deserialization Vulnerability

CRITICAL (9.8) No Patch (13 days)

Threat Intelligence

Low Risk
EPSS Score: 0.43% chance of exploitation (percentile: 62%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The Barracuda Service Center is a remote monitoring and management (RMM) solution that some organizations use to monitor and manage their network devices. A deserialization vulnerability in its .NET Remoting service allows attackers to execute arbitrary code on the Barracuda Service Center server.

Am I affected?

Affected versions: 2025.1.1

If you don't recognise this software, you're probably not affected.

Affected Products

Barracuda / RMM Service Center

How to fix

To fix this vulnerability, upgrade to Barracuda RMM Service Center version 2025.1.1 or later. You can download the latest version from the Barracuda website.

Immediate mitigations:

  • Restrict network access to your Barracuda RMM Service Center instance (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation