CVE-2025-34394: Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE
Published Dec 10, 2025
·Updated
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.
Affected Software
2 affected components
Barracuda RMM<2025.1.1
Barracuda RMM<2025.1.1
Event History
Dec 10, 2025
CVE Published
via MITRE·03:45 PM
Data Sourced
via MITRE·03:45 PM
DescriptionWeakness
Data Sourced
via NVD·04:16 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-34394?
CVE-2025-34394 has a high severity rating due to its potential for remote code execution.
2
How do I fix CVE-2025-34394?
To mitigate CVE-2025-34394, upgrade to Barracuda RMM version 2025.1.1 or later.
3
What systems are affected by CVE-2025-34394?
CVE-2025-34394 affects Barracuda RMM solutions prior to version 2025.1.1.
4
What type of vulnerability is CVE-2025-34394?
CVE-2025-34394 is a deserialization vulnerability in a .NET Remoting service.
5
Can CVE-2025-34394 lead to data breaches?
Yes, CVE-2025-34394 can enable remote code execution, potentially leading to data breaches.