CVE-2025-27212
Essential information
- Published
- 04/08/2025 23:15
- Modified
- 05/08/2025 14:34
- Author
- —
- Creator
- —
- CVSS
- 9.8 CRITICAL (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS metrics
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
Description
An Improper Input Validation issue in certain UniFi Access devices could allow Command Injection by a malicious actor with access to the UniFi Access management network.
Affected Products:
UniFi Access Reader Pro (Version 2.14.21 and earlier)
UniFi Access G2 Reader Pro (Version 1.10.32 and earlier)
UniFi Access G3 Reader Pro (Version 1.10.30 and earlier)
UniFi Access Intercom (Version 1.7.28 and earlier)
UniFi Access G3 Intercom (Version 1.7.29 and earlier)
UniFi Access Intercom Viewer (Version 1.3.20 and earlier)
Mitigation:
Update UniFi Access Reader Pro to Version 2.15.9 or later
Update UniFi Access G2 Reader Pro to Version 1.11.23 or later
Update UniFi Access G3 Reader Pro to Version 1.11.22 or later
Update UniFi Access Intercom to Version 1.8.22 or later
Update UniFi Access G3 Intercom to Version 1.8.22 or later
Update UniFi Access Intercom Viewer to Version 1.4.39 or later
NVD status
- Status
- Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
Affected products (CPE)
| Product | CPE |
|---|---|
| ubiquiti / unifi access reader pro | cpe:2.3:a:ubiquiti:unifi_access_reader_pro:2.14.21:*:*:*:*:*:*:* |
| ubiquiti / unifi access g2 reader pro | cpe:2.3:a:ubiquiti:unifi_access_g2_reader_pro:1.10.32:*:*:*:*:*:*:* |
| ubiquiti / unifi access g3 reader pro | cpe:2.3:a:ubiquiti:unifi_access_g3_reader_pro:1.10.30:*:*:*:*:*:*:* |
| ubiquiti / unifi access intercom | cpe:2.3:a:ubiquiti:unifi_access_intercom:1.7.28:*:*:*:*:*:*:* |
| ubiquiti / unifi access g3 intercom | cpe:2.3:a:ubiquiti:unifi_access_g3_intercom:1.7.29:*:*:*:*:*:*:* |
| ubiquiti / unifi access intercom viewer | cpe:2.3:a:ubiquiti:unifi_access_intercom_viewer:1.3.20:*:*:*:*:*:*:* |