Barracuda

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-34395 1Barracuda 1Rmm Dec 23, 2025 Dec 10, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read a...Show more Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution by retrieving the .NET machine keys.Show less
CVE-2025-34394 1Barracuda 1Rmm Dec 23, 2025 Dec 10, 2025 10.0 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to r...Show more Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.Show less
CVE-2025-34393 1Barracuda 1Rmm Dec 23, 2025 Dec 10, 2025 10.0 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in r...Show more Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types.Show less
CVE-2025-34392 1Barracuda 1Rmm Dec 23, 2025 Dec 10, 2025 10.0 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitr...Show more Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload.Show less
CVE-2025-8319 1Barracuda 1Message Archiver Firmware Aug 6, 2025 Jul 30, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter
CVE-2023-7102 1Barracuda 5Email Security Gateway 300 Firmware Email Security Gateway 400 FirmwareEmail Security Gateway 600 Firmware+2 more Nov 21, 2024 Dec 24, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, un...Show more Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic. Show less
CVE-2023-2868 1Barracuda 5Email Security Gateway 300 Firmware Email Security Gateway 400 FirmwareEmail Security Gateway 600 Firmware+2 more Oct 24, 2025 May 24, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehens...Show more A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.Show less
CVE-2023-26213 1Barracuda 7T100b Firmware T193a FirmwareT200c Firmware+4 more Mar 7, 2025 Mar 3, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated...Show more On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters.Show less
CVE-2021-42711 1Barracuda 1Network Access Client Nov 21, 2024 Dec 1, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation.
CVE-2019-5648 1Barracuda 1Load Balancer Adc Firmware Nov 21, 2024 Mar 12, 2020 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-control...Show more Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network.Show less
CVE-2014-2595 1Barracuda 1Web Application Firewall Nov 21, 2024 Feb 12, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.
CVE-2019-6724 1Barracuda 1Vpn Client Nov 21, 2024 Mar 21, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulti...Show more The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.Show less
CVE-2018-20369 1Barracuda 1Message Archiver Nov 21, 2024 Dec 23, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module.
CVE-2014-8428 1Barracuda 1Load Balancer May 13, 2026 Aug 28, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key.
CVE-2014-8426 1Barracuda 1Load Balancer May 13, 2026 Aug 28, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015.
CVE-2017-6320 1Barracuda 1Load Balancer Adc May 13, 2026 Jul 18, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated us...Show more A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued.Show less
CVE-2015-0962 1Barracuda 1Web Filter May 6, 2026 May 25, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attack...Show more Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.Show less
CVE-2015-0961 1Barracuda 1Web Filter May 6, 2026 May 25, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informat...Show more Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.Show less