RCE Vulnerabilities in Barracuda RMM Service Center – Hotfix Available
Overview
Barracuda was notified of remote code execution (RCE) vulnerabilities impacting the Barracuda RMM Service Center. Upon notification, Barracuda immediately initiated a comprehensive remediation process.
We have no evidence that these vulnerabilities are currently being exploited, and they do not impact any other Barracuda solutions.
Action Taken and Guidance
A hotfix was released and details were published on September 17, 2025, addressing the issues. All Barracuda cloud-hosted RMM Service Center environments were fully patched as of that date.
Customers operating self-hosted RMM Service Center environments should immediately apply the hotfix: https://campus.barracuda.com/product/managedworkplace/doc/169290610/previous-versions-of-barracuda-rmm#_35a5fabc
Commitment to Security
Barracuda remains committed to transparency and proactive security practices. We will continue to provide timely notifications in accordance with our security commitments and applicable law. Protecting your business is our highest priority.
For assistance, contact Barracuda Support at support@barracuda.com.
References
