Warning: Critical Absolute Path Traversal in Barracuda Service Center that can lead to Remote Code Execution, Patch Immediately!

Published: 12/12/2025
  • Last update: 12/12/2025
  • Affected software: Barracuda Service Center, versions prior to 2025.1.1
  • Type: CWE-36: Absolute Path Traversal
  • CVE/CVSS
    → CVE-2025-34392: CVSS 10.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

Sources

Barracuda - https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf

Risks

Barracuda RMM (Remote Monitoring and Management) includes Barracuda Service Center, a web-based, centralized dashboard that lets Managed Service Providers (MSPs) remotely monitor, manage, and secure their customers' IT environments.

A vulnerability (CVE-2025-34392) was discovered in Barracuda Service Center that allows remote, unauthenticated attackers without any privileges to exploit an unverified URL in a WSDL (Web Services Description Language) file.

As of 2025-12-11, there is no evidence of a public proof-of-concept or of exploitation in the wild.

The impact to all three aspects of the CIA (Confidentiality, Integrity, Availability) triad is high.

Description

A network-based threat actor, without any prior authentication or user interaction, can cause maximum potential damage by exploiting CVE-2025-34392.

Specifically, they can write arbitrary files to the system and upload malicious webshells, which could allow them to execute code remotely on the affected system and fully compromise it.
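To make the weakness class concrete, the following is an added example (Python, written for this advisory; it is not Barracuda's code and the base directory and file names are assumed) of the check that CWE-36 describes as missing: an untrusted, URL-derived name is mapped onto one fixed directory, and anything that is absolute, scheme-prefixed, or climbs out of that directory is refused.

```python
import os
import posixpath
from urllib.parse import unquote, urlparse


class UnsafePath(ValueError):
    """Raised when an untrusted value would escape the allowed directory."""


def looks_absolute(name: str) -> bool:
    """True for POSIX ("/etc/x") and Windows ("C:\\x", "\\\\srv\\share")
    absolute locations and for scheme-prefixed references ("file:///x")."""
    n = name.replace("\\", "/")
    return (
        n.startswith("/")
        or (len(n) > 1 and n[1] == ":")
        or urlparse(n).scheme != ""
    )


def safe_join(base_dir: str, untrusted: str) -> str:
    """Map an untrusted, possibly URL-encoded name onto base_dir.

    Rejects absolute locations (CWE-36), '..' climbing (CWE-23), and any
    result that does not stay inside base_dir once symlinks are resolved.
    """
    base = os.path.realpath(base_dir)
    name = unquote(untrusted)                # "%2e%2e" -> ".."
    if looks_absolute(name):
        raise UnsafePath(f"absolute location rejected: {untrusted!r}")
    rel = posixpath.normpath(name.replace("\\", "/"))
    if rel in (".", "..") or rel.startswith("../"):
        raise UnsafePath(f"traversal rejected: {untrusted!r}")
    candidate = os.path.realpath(os.path.join(base, *rel.split("/")))
    # Final containment check: a symlink under base_dir must not lead outside it.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath(f"escapes base directory: {untrusted!r}")
    return candidate


def is_safe(base_dir: str, untrusted: str) -> bool:
    """Predicate form of safe_join for callers that only need accept/reject."""
    try:
        safe_join(base_dir, untrusted)
    except UnsafePath:
        return False
    return True
```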

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Please upgrade to Barracuda Service Center version 2025.1.1 or later.

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

NVD - https://nvd.nist.gov/vuln/detail/CVE-2025-34392
watchTowr Labs - https://labs.watchtowr.com/soapwn-pwning-net-framework-applications-through-http-client-proxies-and-wsdl/