CVEPublished 2025-12-101 article on news7 live referencesNVD data

CVE-2025-34392

Vulnerability data via CVEDB (Shodan)

CVSS v3.1
10.0
CRITICAL
EPSS percentile
97
Exploit Prediction Scoring System · top 3% of all CVEs
Description

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload.

Timeline
Published 2025-12-10

External references

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

More intel sources (5)

Known PoCs on GitHub

No public proof-of-concept repositories found for CVE-2025-34392 on GitHub.