What is CVE-2010-20109?

CVE-2010-20109 is a vulnerability in Barracuda Networks Spam & Virus Firewall, classified under Path Traversal. Published 2025-08-21.

Is CVE-2010-20109 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Barracuda Networks Spam & Virus Firewall

CVE-2010-20109

Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sani…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.553 (98.1th percentile) — read the EPSS interpretation.

Affected products

Barracuda Networks Spam & Virus Firewall — versions 0
Barracuda Networks Ssl Vpn — versions 0
Barracuda Networks Web Application Firewall — versions 0

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

rapid7/metasploit-framework

References

www.exploit-db.com/exploits/15130 (exploit)
web.archive.org/web/20101004131244/http://secunia.com/advisories/41609/ (third-party-advisory)
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/… (exploit)
www.vulncheck.com/advisories/barracuda-multiple-products-locale-path-traversal (third-party-advisory)

Frequently asked questions

What is CVE-2010-20109?: CVE-2010-20109 is a vulnerability in Barracuda Networks Spam & Virus Firewall, classified under Path Traversal. Published 2025-08-21.
Is CVE-2010-20109 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.