CVE-2026-25550
Severity CVSS v4.0:
CRITICAL
Type:
CWE-306
Missing Authentication for Critical Function
Publication date:
04/06/2026
Last modified:
04/06/2026
Description
Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016
Impact
Base Score 4.0
9.30
Severity 4.0
CRITICAL
Base Score 3.x
9.80
Severity 3.x
CRITICAL



