216.73.217.172

CVE-2019-25652

· Published 27/03/2026 22:16 · Modified 27/03/2026 22:16

Labels: CVE-2019-25652 2026-03-27CVE-2019-25652CWE-295[email protected]

Essential information

Published
27/03/2026 22:16
Modified
27/03/2026 22:16
Author
Creator
CVSS
7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ubiquiti / unifi network controller cpe:2.3:a:ubiquiti:unifi_network_controller:<5.10.22:*:*:*:*:*:*:*
ubiquiti / unifi network controller cpe:2.3:a:ubiquiti:unifi_network_controller:<5.11.18:*:*:*:*:*:*:*

References