CVE-2025-34394 CRITICAL

CVE-2025-34394: Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE

Vendor Barracuda Networks
Product RMM
Weakness CWE-502 · Unsafe deserialization
Published December 10, 2025
Last update May 14, 2026

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.

Key dates

02Disclosure timeline

December 10, 2025 CVE published
May 14, 2026 Record updated