Barracuda

Security Risk Profile

/100

high

Security Risk Score

Comprehensive risk assessment based on 25 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from May 25, 2015 to present

Total CVEs

Critical+High

Exploited

Unpatched

Threat Assessment

Avg CVSS

8.3

Base severity

Avg EPSS

Exploit probability

Unpatched

Critical/High

Risk Level

71/100

high

⚠️ 2 Active Exploits⚡ 6 Zero-Days

Severity Distribution

Critical

High

Medium

Low

Exploit Likelihood

>50% chance

20-50%

5-20%

<5%

Age Distribution

Common Weaknesses (CWE)

Path Traversal

Command Injection

XSS

Buffer Overflow

OS Command Injection

Most Affected Products

1. Barracuda Web Filter7

2. Barracuda RMM5

3. Barracuda Email Security Gateway5

4. Barracuda Email Security Gateway 300 Firmware3

5. Barracuda Email Security Gateway 400 Firmware3

Recent Vulnerabilities

See more →

CVE-2026-22676

CVSS 8.5high

Barracuda RMM < 2025.2.2 Privilege Escalation via Insecure Directory Permissions

4/15/2026🔧 No Patch

CVE-2025-34395

CVSS 8.7high

Barracuda RMM < 2025.1.1 Service Center .NET Remoting Path Traversal RCE

12/10/2025🔧 No Patch

CVE-2025-34394

CVSS 10.0critical

Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE

12/10/2025🔧 No Patch

CVE-2025-34393

CVSS 10.0critical

Barracuda RMM < 2025.1.1 Service Center Insecure Reflection RCE

12/10/2025🔧 No Patch

CVE-2025-34392

CVSS 10.0critical

Barracuda RMM < 2025.1.1 Service Center Absolute Path Traversal RCE

12/10/2025🔧 No Patch

https://www.theregister.com/2025/09/08/salt_typhoon_domains/

unknown

Salt Typhoon used dozens of domains, going back five years. Did you visit one?

9/8/2025🔧 No Patch

CVE-2010-20109

CVSS 8.7high

Barracuda Spam & Virus Firewall "locale" Path Traversal

8/21/2025🔧 No Patch

CVE-2025-8319

CVSS 6.1EPSS 0%medium

7/29/2025🔧 No Patch

https://www.bleepingcomputer.com/news/security/belgium-probes-if-chinese-hackers-breached-its-intelligence-service/

unknown

Belgium probes if Chinese hackers breached its intelligence service

2/27/2025⚡ Zero-Day🔧 No Patch

https://www.bleepingcomputer.com/news/security/belgium-probes-chinese-hack-behind-intelligence-service-breach/

unknown

Belgium probes if Chinese hackers breached its intelligence service

2/27/2025⚠ Exploited⚡ Zero-Day🔧 No Patch

Monitor Barracuda in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free Trial Book a Demo

Barracuda

Security Risk Score

Threat Assessment

Severity Distribution

Exploit Likelihood

Age Distribution

Common Weaknesses (CWE)

Most Affected Products

Recent Vulnerabilities

Monitor Barracuda in Real-Time

Monitor Your Software Stack in Real-Time