Vulnerability fixed in Barracuda Service Center

Barracuda has fixed a vulnerability in Barracuda Service Center Specifically for RMM solutions, versions prior to 2025.1.1. The vulnerability is in the inadequate URL authentication in WSDL files that can be manipulated by attackers. This can lead to the overwriting of arbitrary files and externa...

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed the "invalid cast vulnerability" SOAPwn , said the issue impacts Barracuda Service Center RM...

EUVD-2025-202447

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...

EUVD-2025-202446

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or...

CVE-2025-34392

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...

CVE-2025-34392

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...

CVE-2025-34393

Barracuda Service Center (RMM solution) before 2025.1.1 is affected. The root cause is improper validation of the name of an attacker-controlled WSDL service, enabling insecure reflection that can lead to remote code execution via invocation of arbitrary methods or deserialization of untrusted ty...

CVE-2025-34392

Barracuda Service Center (as implemented in Barracuda RMM) prior to version 2025.1.1 contains an insufficient WSDL URL validation in attacker-controlled WSDLs, enabling arbitrary file write and remote code execution via webshell uploads. Affected products include Barracuda RMM’s Service Center in...

PT-2025-50336

Name of the Vulnerable Software and Affected Versions Barracuda Service Center versions prior to 2025.1.1 Description The Barracuda Service Center, within the RMM solution, improperly validates the name of a WSDL service controlled by an attacker. This insecure reflection can lead to remote code...

EUVD-2018-8603

Malware in sbrugna...

EUVD-2013-1666

Malware in sbrugna...

EUVD-2017-7849

Malware in sbrugna...

EUVD-2013-6304

Malware in sbrugna...

EUVD-2009-0039

Malware in sbrugna...

EUVD-2008-0870

Malware in sbrugna...

EUVD-2007-2348

Malware in sbrugna...

EUVD-2013-0477

Malware in sbrugna...

EUVD-2022-33812

Malicious code in bioql PyPI...

EUVD-2023-51177

Malicious code in bioql PyPI...

EUVD-2023-33400

Malicious code in bioql PyPI...