Search criteria
38 vulnerabilities by Ubiquiti Inc
CVE-2026-21639 (GCVE-0-2026-21639)
Vulnerability from cvelistv5 – Published: 2026-01-08 16:14 – Updated: 2026-01-08 17:21
VLAI?
Summary
A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product.
Affected Products:
airMAX AC (Version 8.7.20 and earlier)
airMAX M (Version 6.3.22 and earlier)
airFiber AF60-XG (Version 1.2.2 and earlier)
airFiber AF60 (Version 2.6.7 and earlier)
Mitigation:
Update your airMAX AC to Version 8.7.21 or later.
Update your airMAX M to Version 6.3.24 or later.
Update your airFiber AF60-XG to Version 1.2.3 or later.
Update your airFiber AF60 to Version 2.6.8 or later.
Severity ?
5.4 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | airMAX AC |
Affected:
0 , < 8.7.21
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-21639",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T17:09:52.634464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T17:21:53.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "airMAX AC",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "8.7.21",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "airMAX M",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "6.3.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "airFiber AF60-XG",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "airFiber AF60",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.6.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nairMAX AC (Version 8.7.20 and earlier)\r\nairMAX M (Version 6.3.22 and earlier)\r\nairFiber AF60-XG (Version 1.2.2 and earlier)\r\nairFiber AF60 (Version 2.6.7 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate your airMAX AC to Version 8.7.21 or later.\r\nUpdate your airMAX M to Version 6.3.24 or later.\r\nUpdate your airFiber AF60-XG to Version 1.2.3 or later.\r\nUpdate your airFiber AF60 to Version 2.6.8 or later."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T16:14:22.626Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-061-061/1e4fe5f8-29c7-4a7d-a518-01b1537983ba"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2026-21639",
"datePublished": "2026-01-08T16:14:22.626Z",
"dateReserved": "2026-01-01T15:00:02.339Z",
"dateUpdated": "2026-01-08T17:21:53.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21638 (GCVE-0-2026-21638)
Vulnerability from cvelistv5 – Published: 2026-01-08 16:14 – Updated: 2026-01-08 16:48
VLAI?
Summary
A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product.
Affected Products:
UBB-XG (Version 1.2.2 and earlier)
UDB-Pro/UDB-Pro-Sector (Version 1.4.1 and earlier)
UBB (Version 3.1.5 and earlier)
Mitigation:
Update your UBB-XG to Version 1.2.3 or later.
Update your UDB-Pro/UDB-Pro-Sector to Version 1.4.2 or later.
Update your UBB to Version 3.1.7 or later.
Severity ?
8.8 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UBB-XG |
Affected:
0 , < 1.2.3
(semver)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T16:48:03.850272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T16:48:23.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UBB-XG",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UDB-Pro/UDB-Pro-Sector",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.4.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UBB",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "3.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product.\r\n\r\n\r\nAffected Products:\r\nUBB-XG (Version 1.2.2 and earlier) \r\nUDB-Pro/UDB-Pro-Sector (Version 1.4.1 and earlier) \r\nUBB (Version 3.1.5 and earlier) \r\n \r\nMitigation:\r\nUpdate your UBB-XG to Version 1.2.3 or later.\r\nUpdate your UDB-Pro/UDB-Pro-Sector to Version 1.4.2 or later.\r\nUpdate your UBB to Version 3.1.7 or later."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T16:14:22.563Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-060-060/cde18da7-2bc4-41bb-a9cc-48a4a4c479c1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2026-21638",
"datePublished": "2026-01-08T16:14:22.563Z",
"dateReserved": "2026-01-01T15:00:02.339Z",
"dateUpdated": "2026-01-08T16:48:23.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21635 (GCVE-0-2026-21635)
Vulnerability from cvelistv5 – Published: 2026-01-05 16:47 – Updated: 2026-01-07 15:19
VLAI?
Summary
An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.
Severity ?
5.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Connect EV Station Lite |
Affected:
0 , < 1.6.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T19:38:40.411282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T15:19:03.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Connect EV Station Lite",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.6.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T16:47:39.081Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-059/0c0b7f7a-68b7-41b9-987e-554f4b40e0e6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2026-21635",
"datePublished": "2026-01-05T16:47:39.081Z",
"dateReserved": "2026-01-01T15:00:02.338Z",
"dateUpdated": "2026-01-07T15:19:03.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21633 (GCVE-0-2026-21633)
Vulnerability from cvelistv5 – Published: 2026-01-05 16:47 – Updated: 2026-01-05 21:03
VLAI?
Summary
A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier).
Affected Products:
UniFi Protect Application (Version 6.1.79 and earlier).
Mitigation:
Update your UniFi Protect Application to Version 6.2.72 or later.
Severity ?
8.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Application |
Affected:
6.1.79 , < 6.2.72
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T21:03:35.276072Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T21:03:40.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "6.2.72",
"status": "affected",
"version": "6.1.79",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier).\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nUniFi Protect Application (Version 6.1.79 and earlier).\r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate your UniFi Protect Application to Version 6.2.72 or later."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T16:47:38.510Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-058-058/6922ff20-8cd7-4724-8d8c-676458a2d0f9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2026-21633",
"datePublished": "2026-01-05T16:47:38.510Z",
"dateReserved": "2026-01-01T15:00:02.338Z",
"dateUpdated": "2026-01-05T21:03:40.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59467 (GCVE-0-2025-59467)
Vulnerability from cvelistv5 – Published: 2026-01-05 16:47 – Updated: 2026-01-05 20:58
VLAI?
Summary
A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page.
This plugin is disabled by default.
Affected Products:
UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier)
Mitigation:
Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later.
Severity ?
7.5 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UCRM Argentina AFIP invoices Plugin |
Affected:
0 , ≤ 1.2.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T20:57:48.869087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T20:58:05.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UCRM Argentina AFIP invoices Plugin",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThanOrEqual": "1.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. \n\nThis plugin is disabled by default.\n\n\nAffected Products:\nUCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier)\n\n \n\nMitigation:\nUpdate UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T16:47:38.557Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-057/6d3f2a51-22b8-47a1-9296-1e9dcd64e073"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-59467",
"datePublished": "2026-01-05T16:47:38.557Z",
"dateReserved": "2025-09-16T15:00:07.876Z",
"dateUpdated": "2026-01-05T20:58:05.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21634 (GCVE-0-2026-21634)
Vulnerability from cvelistv5 – Published: 2026-01-05 16:47 – Updated: 2026-01-05 20:42
VLAI?
Summary
A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart.
Affected Products:
UniFi Protect Application (Version 6.1.79 and earlier).
Mitigation:
Update your UniFi Protect Application to Version 6.2.72 or later.
Severity ?
6.5 (Medium)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Application |
Affected:
6.1.79 , < 6.2.72
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T20:42:03.431328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T20:42:08.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "6.2.72",
"status": "affected",
"version": "6.1.79",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart.\r\n\r\n\r\nAffected Products:\r\nUniFi Protect Application (Version 6.1.79 and earlier). \r\n \r\nMitigation:\r\nUpdate your UniFi Protect Application to Version 6.2.72 or later."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T16:47:38.917Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-058-058/6922ff20-8cd7-4724-8d8c-676458a2d0f9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2026-21634",
"datePublished": "2026-01-05T16:47:38.917Z",
"dateReserved": "2026-01-01T15:00:02.338Z",
"dateUpdated": "2026-01-05T20:42:08.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52663 (GCVE-0-2025-52663)
Vulnerability from cvelistv5 – Published: 2025-10-30 23:30 – Updated: 2025-12-02 18:30
VLAI?
Summary
A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API.
Affected Products:
UniFi Talk Touch (Version 1.21.16 and earlier)
UniFi Talk Touch Max (Version 2.21.22 and earlier)
UniFi Talk G3 Phones (Version 3.21.26 and earlier)
Mitigation:
Update the UniFi Talk Touch to Version 1.21.17 or later.
Update the UniFi Talk Touch Max to Version 2.21.23 or later.
Update the UniFi Talk G3 Phones to Version 3.21.27 or later.
Severity ?
7.3 (High)
CWE
- CWE-489 - Active Debug Code
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi Talk Touch |
Unaffected:
1.21.17 , < 1.21.17
(semver)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-52663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T15:36:11.348827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T18:30:25.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "UniFi Talk Touch",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.21.17",
"status": "unaffected",
"version": "1.21.17",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "UniFi Talk Touch Max",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.21.23",
"status": "unaffected",
"version": "2.21.23",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "UniFi Talk G3 Phones",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "3.21.27",
"status": "unaffected",
"version": "3.21.27",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API.\r\n\r\n\r\nAffected Products:\r\nUniFi Talk Touch (Version 1.21.16 and earlier) \r\nUniFi Talk Touch Max (Version 2.21.22 and earlier) \r\nUniFi Talk G3 Phones (Version 3.21.26 and earlier) \r\n \r\nMitigation:\r\nUpdate the UniFi Talk Touch to Version 1.21.17 or later.\r\nUpdate the UniFi Talk Touch Max to Version 2.21.23 or later.\r\nUpdate the UniFi Talk G3 Phones to Version 3.21.27 or later."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T23:30:28.298Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-055-055/9b65527b-489c-4f16-ac34-2b887754db1e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-52663",
"datePublished": "2025-10-30T23:30:28.298Z",
"dateReserved": "2025-06-18T15:00:00.895Z",
"dateUpdated": "2025-12-02T18:30:25.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52665 (GCVE-0-2025-52665)
Vulnerability from cvelistv5 – Published: 2025-10-30 23:30 – Updated: 2025-10-31 14:07
VLAI?
Summary
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later.
Affected Products:
UniFi Access Application (Version 3.3.22 through 3.4.31).
Mitigation:
Update your UniFi Access Application to Version 4.0.21 or later.
Severity ?
10 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Access Application |
Affected:
3.3.22 , ≤ 3.4.31
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-52665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T14:05:32.616691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T14:07:27.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Access Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThanOrEqual": "3.4.31",
"status": "affected",
"version": "3.3.22",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious actor with access to the management network could exploit a misconfiguration in UniFi\u2019s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later.\u00a0\n \nAffected Products:\nUniFi Access Application (Version 3.3.22 through 3.4.31). \u2028 \n\nMitigation:\nUpdate your UniFi Access Application to Version 4.0.21 or later."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T23:30:28.329Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-056/ce97352d-91cd-40a7-a2f4-2c73b3b30191"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-52665",
"datePublished": "2025-10-30T23:30:28.329Z",
"dateReserved": "2025-06-18T15:00:00.895Z",
"dateUpdated": "2025-10-31T14:07:27.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48979 (GCVE-0-2025-48979)
Vulnerability from cvelistv5 – Published: 2025-08-28 23:07 – Updated: 2025-08-29 13:17
VLAI?
Summary
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UISP Application |
Affected:
2.4.220 , < 2.4.220
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T13:16:20.270047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T13:17:04.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UISP Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.4.220",
"status": "affected",
"version": "2.4.220",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T23:07:04.604Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-053/b0c4aa38-90aa-412d-b5b9-6395e057d822"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-48979",
"datePublished": "2025-08-28T23:07:04.604Z",
"dateReserved": "2025-05-29T15:00:04.773Z",
"dateUpdated": "2025-08-29T13:17:04.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27214 (GCVE-0-2025-27214)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-21 14:46
VLAI?
Summary
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset.
Affected Products:
UniFi Connect EV Station Pro (Version 1.5.18 and earlier)
Mitigation:
Update UniFi Connect EV Station Pro to Version 1.5.27 or later
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Connect EV Station Pro |
Affected:
1.5.27 , < 1.5.27
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:23:09.292964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:46:51.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Connect EV Station Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.5.27",
"status": "affected",
"version": "1.5.27",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nUniFi Connect EV Station Pro (Version 1.5.18 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate UniFi Connect EV Station Pro to Version 1.5.27 or later"
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.186Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27214",
"datePublished": "2025-08-21T00:01:24.186Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-21T14:46:51.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48978 (GCVE-0-2025-48978)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-21 14:16
VLAI?
Summary
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.
Affected Products:
EdgeMAX EdgeSwitch (Version 1.11.0 and earlier)
Mitigation:
Update the EdgeMAX EdgeSwitch to Version 1.11.1 or later.
Severity ?
7.5 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | EdgeMAX EdgeSwitch |
Affected:
1.11.1 , < 1.11.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T14:15:24.082992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:16:25.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EdgeMAX EdgeSwitch",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.11.1",
"status": "affected",
"version": "1.11.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.\r\n\r\nAffected Products:\r\n\r\nEdgeMAX EdgeSwitch (Version 1.11.0 and earlier) \r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate the EdgeMAX EdgeSwitch to Version 1.11.1 or later."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.208Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-054-054/3033f0b7-aca6-4d70-8c51-d3e706bd0ca7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-48978",
"datePublished": "2025-08-21T00:01:24.208Z",
"dateReserved": "2025-05-29T15:00:04.772Z",
"dateUpdated": "2025-08-21T14:16:25.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27217 (GCVE-0-2025-27217)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-21 14:47
VLAI?
Summary
A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope.
Severity ?
9.1 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UISP Application |
Affected:
2.4.220 , < 2.4.220
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:23:24.559394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:47:06.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UISP Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.4.220",
"status": "affected",
"version": "2.4.220",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.159Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/UISP-Application-2-4-220/b428b276-c4a6-4b90-b97b-1860ff2bb46d"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27217",
"datePublished": "2025-08-21T00:01:24.159Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-21T14:47:06.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27213 (GCVE-0-2025-27213)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-21 14:07
VLAI?
Summary
An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system.
Affected Products:
UniFi Connect EV Station Pro (Version 1.5.18 and earlier)
UniFi Connect Display (Version 1.9.324 and earlier)
UniFi Connect Display Cast (Version 1.9.301 and earlier)
UniFi Connect Display Cast Pro (Version 1.0.78 and earlier)
UniFi Connect Display Cast Lite (Version 1.0.3 and earlier)
Mitigation:
Update UniFi Connect EV Station Pro to Version 1.5.27 or later
Update UniFi Connect Display to Version 1.13.6 or later
Update UniFi Connect Display Cast to Version 1.10.3 or later
Update UniFi Connect Display Cast Pro to Version 1.0.83 or later
Update UniFi Connect Display Cast Lite to Version 1.1.3 or later
Severity ?
4.9 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi Connect EV Station Pro |
Affected:
1.5.27 , < 1.5.27
(semver)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T14:07:33.904511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:07:45.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Connect EV Station Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.5.27",
"status": "affected",
"version": "1.5.27",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.13.6",
"status": "affected",
"version": "1.13.6",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.10.3",
"status": "affected",
"version": "1.10.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.0.83",
"status": "affected",
"version": "1.0.83",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast Lite",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "1.1.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nUniFi Connect EV Station Pro (Version 1.5.18 and earlier)\r\nUniFi Connect Display (Version 1.9.324 and earlier)\r\nUniFi Connect Display Cast (Version 1.9.301 and earlier)\r\nUniFi Connect Display Cast Pro (Version 1.0.78 and earlier)\r\nUniFi Connect Display Cast Lite (Version 1.0.3 and earlier)\r\n\r\nMitigation:\r\n\r\nUpdate UniFi Connect EV Station Pro to Version 1.5.27 or later\r\nUpdate UniFi Connect Display to Version 1.13.6 or later\r\nUpdate UniFi Connect Display Cast to Version 1.10.3 or later\r\nUpdate UniFi Connect Display Cast Pro to Version 1.0.83 or later\r\nUpdate UniFi Connect Display Cast Lite to Version 1.1.3 or later"
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.222Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27213",
"datePublished": "2025-08-21T00:01:24.222Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-21T14:07:45.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27215 (GCVE-0-2025-27215)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-21 14:46
VLAI?
Summary
An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system.
Affected Products:
UniFi Connect Display Cast (Version 1.10.3 and earlier)
UniFi Connect Display Cast Pro (Version 1.0.89 and earlier)
UniFi Connect Display Cast Lite (Version 1.0.3 and earlier)
Mitigation:
Update UniFi Connect Display Cast to Version 1.10.7 or later
Update UniFi Connect Display Cast Pro to Version 1.0.94 or later
Update UniFi Connect Display Cast Lite to Version 1.1.8 or later
Severity ?
8.1 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi Connect Display Cast |
Affected:
1.10.7 , < 1.10.7
(semver)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:51:00.551541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:46:44.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.10.7",
"status": "affected",
"version": "1.10.7",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.0.94",
"status": "affected",
"version": "1.0.94",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast Lite",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.1.8",
"status": "affected",
"version": "1.1.8",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nUniFi Connect Display Cast (Version 1.10.3 and earlier)\r\nUniFi Connect Display Cast Pro (Version 1.0.89 and earlier)\r\nUniFi Connect Display Cast Lite (Version 1.0.3 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate UniFi Connect Display Cast to Version 1.10.7 or later\r\nUpdate UniFi Connect Display Cast Pro to Version 1.0.94 or later\r\nUpdate UniFi Connect Display Cast Lite to Version 1.1.8 or later"
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.190Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27215",
"datePublished": "2025-08-21T00:01:24.190Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-21T14:46:44.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24285 (GCVE-0-2025-24285)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-22 03:55
VLAI?
Summary
Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite.
Affected Products:
UniFi Connect EV Station Lite (Version 1.5.1 and earlier)
Mitigation:
Update UniFi Connect EV Station Lite to Version 1.5.2 or later
Severity ?
9.8 (Critical)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Connect EV Station Lite |
Affected:
1.5.2 , < 1.5.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T03:55:39.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Connect EV Station Lite",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.5.2",
"status": "affected",
"version": "1.5.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite.\r\n \r\nAffected Products:\r\nUniFi Connect EV Station Lite (Version 1.5.1 and earlier)\r\n \r\nMitigation:\r\nUpdate UniFi Connect EV Station Lite to Version 1.5.2 or later"
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.227Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-24285",
"datePublished": "2025-08-21T00:01:24.227Z",
"dateReserved": "2025-01-17T01:00:07.457Z",
"dateUpdated": "2025-08-22T03:55:39.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27216 (GCVE-0-2025-27216)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-21 14:46
VLAI?
Summary
Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges.
Severity ?
8.8 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UISP Application |
Affected:
2.4.220 , < 2.4.220
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:23:16.906646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:46:58.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UISP Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.4.220",
"status": "affected",
"version": "2.4.220",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.177Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-053/b0c4aa38-90aa-412d-b5b9-6395e057d822"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27216",
"datePublished": "2025-08-21T00:01:24.177Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-21T14:46:58.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27212 (GCVE-0-2025-27212)
Vulnerability from cvelistv5 – Published: 2025-08-04 22:12 – Updated: 2025-08-05 13:33
VLAI?
Summary
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.
Affected Products:
UniFi Access Reader Pro (Version 2.14.21 and earlier)
UniFi Access G2 Reader Pro (Version 1.10.32 and earlier)
UniFi Access G3 Reader Pro (Version 1.10.30 and earlier)
UniFi Access Intercom (Version 1.7.28 and earlier)
UniFi Access G3 Intercom (Version 1.7.29 and earlier)
UniFi Access Intercom Viewer (Version 1.3.20 and earlier)
Mitigation:
Update UniFi Access Reader Pro Version 2.15.9 or later
Update UniFi Access G2 Reader Pro Version 1.11.23 or later
Update UniFi Access G3 Reader Pro Version 1.11.22 or later
Update UniFi Access Intercom Version 1.8.22 or later
Update UniFi Access G3 Intercom Version 1.8.22 or later
Update UniFi Access Intercom Viewer Version 1.4.39 or later
Severity ?
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi Access Reader Pro |
Affected:
2.15.9 , < 2.15.9
(semver)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27212",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:29:55.643740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:33:09.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Access Reader Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.15.9",
"status": "affected",
"version": "2.15.9",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access G2 Reader Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.11.23",
"status": "affected",
"version": "1.11.23",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access G3 Reader Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.11.22",
"status": "affected",
"version": "1.11.22",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access Intercom",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.8.22",
"status": "affected",
"version": "1.8.22",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access G3 Intercom",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.8.22",
"status": "affected",
"version": "1.8.22",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access Intercom Viewer",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.4.39",
"status": "affected",
"version": "1.4.39",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.\r\n\r\n \r\n\r\nAffected Products:\r\nUniFi Access Reader Pro (Version 2.14.21 and earlier)\r\nUniFi Access G2 Reader Pro (Version 1.10.32 and earlier)\r\nUniFi Access G3 Reader Pro (Version 1.10.30 and earlier)\r\nUniFi Access Intercom (Version 1.7.28 and earlier)\r\nUniFi Access G3 Intercom (Version 1.7.29 and earlier)\r\nUniFi Access Intercom Viewer (Version 1.3.20 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\nUpdate UniFi Access Reader Pro Version 2.15.9 or later\r\nUpdate UniFi Access G2 Reader Pro Version 1.11.23 or later\r\nUpdate UniFi Access G3 Reader Pro Version 1.11.22 or later\r\nUpdate UniFi Access Intercom Version 1.8.22 or later\r\nUpdate UniFi Access G3 Intercom Version 1.8.22 or later\r\nUpdate UniFi Access Intercom Viewer Version 1.4.39 or later"
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T22:12:18.820Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-051-051/583fa6e1-3d85-42ec-a453-651d1653c9b3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27212",
"datePublished": "2025-08-04T22:12:18.820Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-05T13:33:09.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27211 (GCVE-0-2025-27211)
Vulnerability from cvelistv5 – Published: 2025-08-04 22:12 – Updated: 2025-08-05 13:26
VLAI?
Summary
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.
Severity ?
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | EdgeMAX EdgeSwitch |
Unaffected:
1.11.0 , < 1.11.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:22:10.644805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:26:05.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "EdgeMAX EdgeSwitch",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.11.0",
"status": "unaffected",
"version": "1.11.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T22:12:18.821Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-050-050/f82b1701-58a1-4b7d-9e20-82d50e3e1961"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27211",
"datePublished": "2025-08-04T22:12:18.821Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-05T13:26:05.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24292 (GCVE-0-2025-24292)
Vulnerability from cvelistv5 – Published: 2025-06-29 19:25 – Updated: 2025-06-30 13:32
VLAI?
Summary
A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile.
Severity ?
6.8 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Network Application |
Affected:
9.2.87 , < 9.2.87
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T13:12:10.999551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T13:32:09.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Network Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "9.2.87",
"status": "affected",
"version": "9.2.87",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device\u2019s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-29T19:25:08.070Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-049-049/7a019b27-6c77-4500-bec8-596cd87c9292"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-24292",
"datePublished": "2025-06-29T19:25:08.070Z",
"dateReserved": "2025-01-17T01:00:07.458Z",
"dateUpdated": "2025-06-30T13:32:09.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24290 (GCVE-0-2025-24290)
Vulnerability from cvelistv5 – Published: 2025-06-29 19:25 – Updated: 2025-06-30 14:52
VLAI?
Summary
Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.
Severity ?
9.9 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UISP Application |
Affected:
2.4.211 , < 2.4.211
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T14:51:30.158712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T14:52:45.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UISP Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.4.211",
"status": "affected",
"version": "2.4.211",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-29T19:25:07.152Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-24290",
"datePublished": "2025-06-29T19:25:07.152Z",
"dateReserved": "2025-01-17T01:00:07.457Z",
"dateUpdated": "2025-06-30T14:52:45.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24289 (GCVE-0-2025-24289)
Vulnerability from cvelistv5 – Published: 2025-06-29 19:25 – Updated: 2025-06-30 15:29
VLAI?
Summary
A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default.
Severity ?
7.5 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UCRM Client Signup Plugin |
Affected:
1.3.5 , < 1.3.5
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24289",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T15:29:02.494473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T15:29:38.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UCRM Client Signup Plugin",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.3.5",
"status": "affected",
"version": "1.3.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-29T19:25:06.254Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-24289",
"datePublished": "2025-06-29T19:25:06.254Z",
"dateReserved": "2025-01-17T01:00:07.457Z",
"dateUpdated": "2025-06-30T15:29:38.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23164 (GCVE-0-2025-23164)
Vulnerability from cvelistv5 – Published: 2025-05-19 01:25 – Updated: 2025-05-19 14:45
VLAI?
Summary
A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream subsequent to such link becoming disabled.
Severity ?
4.4 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Application |
Affected:
5.3.45 , < 5.3.45
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T14:43:09.419854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:45:25.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.3.45",
"status": "affected",
"version": "5.3.45",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a \"Share Livestream\" link to maintain access to the corresponding livestream subsequent to such link becoming disabled."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T01:25:08.458Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-047-047/cef86c37-7421-44fd-b251-84e76475a5bc"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23164",
"datePublished": "2025-05-19T01:25:08.458Z",
"dateReserved": "2025-01-12T01:00:00.648Z",
"dateUpdated": "2025-05-19T14:45:25.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23123 (GCVE-0-2025-23123)
Vulnerability from cvelistv5 – Published: 2025-05-19 01:25 – Updated: 2025-05-19 13:59
VLAI?
Summary
A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware.
Severity ?
10 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Cameras |
Affected:
4.75.62 , < 4.75.62
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T13:59:29.424014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T13:59:32.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Cameras",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.75.62",
"status": "affected",
"version": "4.75.62",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T01:25:08.467Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-047-047/cef86c37-7421-44fd-b251-84e76475a5bc"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23123",
"datePublished": "2025-05-19T01:25:08.467Z",
"dateReserved": "2025-01-11T01:00:00.618Z",
"dateUpdated": "2025-05-19T13:59:32.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23117 (GCVE-0-2025-23117)
Vulnerability from cvelistv5 – Published: 2025-03-01 01:52 – Updated: 2025-03-05 15:26
VLAI?
Summary
An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.
Severity ?
6.8 (Medium)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Cameras |
Affected:
4.74.106 , < 4.74.106
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-23117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T15:08:02.603284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T15:26:14.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Cameras",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.74.106",
"status": "affected",
"version": "4.74.106",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system."
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T01:52:36.149Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23117",
"datePublished": "2025-03-01T01:52:36.149Z",
"dateReserved": "2025-01-11T01:00:00.618Z",
"dateUpdated": "2025-03-05T15:26:14.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23118 (GCVE-0-2025-23118)
Vulnerability from cvelistv5 – Published: 2025-03-01 01:52 – Updated: 2025-03-04 19:14
VLAI?
Summary
An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.
Severity ?
6.4 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Cameras |
Affected:
4.74.106 , < 4.74.106
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T19:14:00.440644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:14:53.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Cameras",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.74.106",
"status": "affected",
"version": "4.74.106",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T01:52:36.138Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23118",
"datePublished": "2025-03-01T01:52:36.138Z",
"dateReserved": "2025-01-11T01:00:00.618Z",
"dateUpdated": "2025-03-04T19:14:53.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23116 (GCVE-0-2025-23116)
Vulnerability from cvelistv5 – Published: 2025-03-01 01:52 – Updated: 2025-03-04 19:12
VLAI?
Summary
An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge Devices enabled could allow a malicious actor with access to UniFi Protect Cameras adjacent network to take control of UniFi Protect Cameras.
Severity ?
9.6 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Application |
Affected:
5.2.49 , < 5.2.49
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T19:12:32.779660Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:12:37.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.2.49",
"status": "affected",
"version": "5.2.49",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge Devices enabled could allow a malicious actor with access to UniFi Protect Cameras adjacent network to take control of UniFi Protect Cameras."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T01:52:36.160Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23116",
"datePublished": "2025-03-01T01:52:36.160Z",
"dateReserved": "2025-01-11T01:00:00.618Z",
"dateUpdated": "2025-03-04T19:12:37.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23115 (GCVE-0-2025-23115)
Vulnerability from cvelistv5 – Published: 2025-03-01 01:52 – Updated: 2025-03-13 17:49
VLAI?
Summary
A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras management network.
Severity ?
9 (Critical)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Cameras |
Affected:
4.74.106 , < 4.74.106
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T18:54:54.791630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T17:49:18.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Cameras",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.74.106",
"status": "affected",
"version": "4.74.106",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras management network."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T01:52:36.149Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23115",
"datePublished": "2025-03-01T01:52:36.149Z",
"dateReserved": "2025-01-11T01:00:00.617Z",
"dateUpdated": "2025-03-13T17:49:18.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23119 (GCVE-0-2025-23119)
Vulnerability from cvelistv5 – Published: 2025-03-01 01:52 – Updated: 2025-03-04 19:07
VLAI?
Summary
An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras adjacent network.
Severity ?
7.5 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Cameras |
Affected:
4.74.106 , < 4.74.106
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T19:01:54.001224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:07:42.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Cameras",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.74.106",
"status": "affected",
"version": "4.74.106",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras adjacent network."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T01:52:36.226Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23119",
"datePublished": "2025-03-01T01:52:36.226Z",
"dateReserved": "2025-01-11T01:00:00.618Z",
"dateUpdated": "2025-03-04T19:07:42.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23091 (GCVE-0-2025-23091)
Vulnerability from cvelistv5 – Published: 2025-02-01 06:53 – Updated: 2025-03-13 12:54
VLAI?
Summary
An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.
Severity ?
5.9 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UDM |
Affected:
4.1.13 , < 4.1.13
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T15:47:37.586798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T12:54:46.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UDM",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UDM-Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UDM-SE",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UDM-Pro-Max",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UDW",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UNVR",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.11",
"status": "affected",
"version": "4.1.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UNVR PRO",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.11",
"status": "affected",
"version": "4.1.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UCKP",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.11",
"status": "affected",
"version": "4.1.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UCK",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.11",
"status": "affected",
"version": "4.1.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UCK-Enterprise",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.11",
"status": "affected",
"version": "4.1.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UCG-Max",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EFG",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-01T06:53:09.114Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-045-045/6011bc61-f2eb-457f-b71d-755703817aaf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23091",
"datePublished": "2025-02-01T06:53:09.114Z",
"dateReserved": "2025-01-10T19:05:52.772Z",
"dateUpdated": "2025-03-13T12:54:46.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42028 (GCVE-0-2024-42028)
Vulnerability from cvelistv5 – Published: 2024-10-28 15:54 – Updated: 2024-10-28 18:53
VLAI?
Summary
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
Severity ?
8.8 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Network Application |
Affected:
8.4.62 , ≤ 8.4.62
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "unifi_network_application",
"vendor": "ubiquiti",
"versions": [
{
"lessThanOrEqual": "8.4.62",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-42028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T18:53:01.066571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T18:53:11.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Network Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThanOrEqual": "8.4.62",
"status": "affected",
"version": "8.4.62",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T15:54:15.384Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-42028",
"datePublished": "2024-10-28T15:54:15.384Z",
"dateReserved": "2024-07-27T01:04:08.014Z",
"dateUpdated": "2024-10-28T18:53:11.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}