GCVE - cpe:2.3:a:barracuda:rmm:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:barracuda:rmm:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Barracuda (`e0123b87-3b17-55c2-9356-13686d24ca66`)
Product	Rmm (`d90a0144-9ff4-54ac-b226-c4b44656b693`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-34395`	vulnerable	2026-06-03 15:00:44.520176	Barracuda RMM < 2025.1.1 Service Center .NET Remoting Path Traversal RCE Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution by retrieving the .NET machine keys. Published: 2025-12-10T15:45:38.385Z Updated: 2026-05-14T02:08:18.153Z Open on db.gcve.eu Reference links https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf https://www.barracuda.com/products/msp/network-protection/rmm https://www.vulncheck.com/advisories/barracuda-rmm-service-center-net-remoting-path-traversal-rce	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-34394`	vulnerable	2026-06-03 15:00:44.519727	Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution. Published: 2025-12-10T15:45:24.092Z Updated: 2026-05-14T02:08:17.389Z Open on db.gcve.eu Reference links https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf https://www.barracuda.com/products/msp/network-protection/rmm https://www.vulncheck.com/advisories/barracuda-rmm-service-center-net-remoting-deserialization-rce	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-34393`	vulnerable	2026-06-03 15:00:44.519095	Barracuda RMM < 2025.1.1 Service Center Insecure Reflection RCE Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types. Published: 2025-12-10T15:45:09.223Z Updated: 2026-05-14T02:08:16.586Z Open on db.gcve.eu Reference links https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf https://www.barracuda.com/products/msp/network-protection/rmm https://www.vulncheck.com/advisories/barracuda-rmm-service-center-insecure-reflection-rce	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-34392`	vulnerable	2026-06-03 15:00:44.518539	Barracuda RMM < 2025.1.1 Service Center Absolute Path Traversal RCE Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload. Published: 2025-12-10T15:44:52.631Z Updated: 2026-05-14T02:08:15.643Z Open on db.gcve.eu Reference links https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf https://www.barracuda.com/products/msp/network-protection/rmm https://www.vulncheck.com/advisories/barracuda-rmm-service-center-absolute-path-traversal-rce https://labs.watchtowr.com/soapwn-pwning-net-framework-applications-through-http-client-proxies-and-wsdl/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.