Can you explain this vulnerability to me?

CVE-2026-25550 is a critical unauthenticated remote code execution vulnerability in Seagull Software BarTender versions 2010, 2016, and 2019. It exists in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service exposes an unauthenticated singleton endpoint configured with BinaryServerFormatterSinkProvider and TypeFilterLevel set to Full, allowing an attacker to exploit .NET Remoting object deserialization.

An unauthenticated remote attacker can read or write arbitrary files on the server using the .NET WebClient class or coerce NTLMv2 authentication by supplying a UNC path to an attacker-controlled server. This enables sensitive credential disclosure, remote code execution, or lateral movement depending on the service account privileges and network environment. The service runs with NT AUTHORITY\SYSTEM privileges, making the impact severe.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can have severe impacts including unauthorized remote code execution on the affected server, allowing attackers to execute arbitrary commands with SYSTEM-level privileges.

• Disclosure of sensitive credentials via coerced NTLMv2 authentication.
• Reading or writing arbitrary files on the server, potentially leading to data theft or corruption.
• Lateral movement within the network depending on the privileges of the service account and network environment.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe in Seagull Software BarTender versions 2010, 2016, and 2019. To detect it on your network or system, you can check for the presence of this service listening on TCP port 7375.

A common approach is to scan your network or host for open TCP port 7375 to identify if the vulnerable service is running.

• Use nmap to scan for open port 7375: nmap -p 7375 <target-ip>
• On the host, use netstat or similar tools to check if BtSystem.Service.exe is listening on port 7375: netstat -anb | findstr 7375
• Check running processes for BtSystem.Service.exe to confirm the vulnerable service is active.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to TCP port 7375 to trusted hosts only, such as by applying firewall rules to block external or untrusted network access to this port.

If possible, disable or stop the BtSystem.Service.exe service until a patch or update is applied.

Apply any available patches or updates from Seagull Software to fix the vulnerability in BarTender versions 2010, 2016, and 2019.

Monitor network traffic for suspicious activity targeting port 7375 and review logs for unauthorized access attempts.

Useful 0 Not Useful 0

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability allows unauthenticated remote code execution, sensitive credential disclosure, and potential lateral movement within a network. Such security weaknesses can lead to unauthorized access to sensitive data and systems.

This type of vulnerability can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive personal and health information through strong access controls and secure system configurations.

Exploitation of this vulnerability could result in data breaches or unauthorized data access, which are violations of these regulations and could lead to legal and financial consequences for affected organizations.

Useful 0 Not Useful 0