Description
Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack surface to local access only. The endpoint is configured with BinaryServerFormatterSinkProvider and TypeFilterLevel set to Full. A low-privileged local attacker can send YSoSerial.NET-generated BinaryFormatter payloads to the localhost-bound endpoint to achieve code execution as NT AUTHORITY\\SYSTEM.
Published: 2026-06-04
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Seagull
Seagull bartender 2021
Vendors & Products Seagull
Seagull bartender 2021

Thu, 04 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack surface to local access only. The endpoint is configured with BinaryServerFormatterSinkProvider and TypeFilterLevel set to Full. A low-privileged local attacker can send YSoSerial.NET-generated BinaryFormatter payloads to the localhost-bound endpoint to achieve code execution as NT AUTHORITY\\SYSTEM.
Title Seagull Software BarTender Deserialization Privilege Escalation via .NET Remoting Service
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Seagull Bartender 2021
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-08T18:28:36.362Z

Reserved: 2026-02-02T20:12:33.395Z

Link: CVE-2026-25551

cve-icon Vulnrichment

Updated: 2026-06-08T18:28:33.870Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-04T18:16:28.923

Modified: 2026-06-04T19:15:17.327

Link: CVE-2026-25551

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T10:07:24Z

Weaknesses