CVE-2026-25551 | Seagull Software BarTender 2021 R1 through 12.0.1 contains a… | CVSS 7.8 HIGH

Description

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack surface to local access only. The endpoint is configured with BinaryServerFormatterSinkProvider and TypeFilterLevel set to Full. A low-privileged local attacker can send YSoSerial.NET-generated BinaryFormatter payloads to the localhost-bound endpoint to achieve code execution as NT AUTHORITY\\SYSTEM.

Metadata

CVE ID: CVE-2026-25551
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-02-02 20:12 UTC
Published: 2026-06-04 17:20 UTC
Last updated: 2026-06-08 18:28 UTC
Primary CWE: CWE-502
CWE-502 Deserialization of Untrusted Data
Vendor / Product: Seagull Software, LLC. / BarTender 2021
Sources: cve.org · NVD

Severity & Metrics

7.8 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Seagull Software, LLC.	BarTender 2021	—	R1 ≤ 12.0.1

Weakness (CWE)

CWE	Source	Description
CWE-502	cna	CWE-502 Deserialization of Untrusted Data

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (3)