CVE-2026-25551 is an insecure deserialization vulnerability in Seagull Software BarTender 2021 R1 through 12.0.1. The vulnerability allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint, bound to localhost on TCP port 7375 via BtSystem.Service.exe, limits the attack surface to local access only. The endpoint is configured with BinaryServerFormatterSinkPr [truncated]
CRITICALSeagull Software, LLC.CVE published 2026-06-04
CVE-2026-25550 is a critical unauthenticated remote code execution vulnerability in Seagull Software BarTender 2010, 2016, and 2019. The vulnerability exists in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 <= R9, and DataServiceSingleton for BarTender 2019 <= R10 — configured wi [truncated]
