A critical security vulnerability affecting a number of Ubiquiti UniFi Access devices could allow attackers to execute malicious commands remotely.
The vulnerability, tracked as CVE-2025-27212, stems from improper input validation and has been assigned a maximum CVSS v3.0 base score of 9.8, indicating Critical severity.
Key Takeaways
1. A critical flaw (CVE-2025-27212) allows attackers to inject commands into UniFi Access devices.
2. Six device lines are affected, compromising physical security systems if exploited.
3. Immediate firmware updates and network isolation are required.
Security researchers Bongeun Koo and Junhyung Cho discovered the flaw, which affects six different UniFi Access product lines and poses significant risks to enterprise security infrastructure.
Ubiquiti UniFi Access Devices Injection Vulnerability
The security flaw is a command injection vulnerability that exploits improper input validation within the UniFi Access management network.
According to the official security advisory, the vulnerability allows malicious actors who have gained access to the UniFi Access management network to inject and execute arbitrary commands on affected devices.
The attack vector is particularly concerning because it requires only network access (AV:N), with low attack complexity (AC:L) and no privileges required (PR:N), making it highly exploitable.
The CVSS v3.0 vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates that successful exploitation can result in complete compromise of the confidentiality, integrity, and availability of the affected systems.
This classification places the vulnerability in the most severe category, requiring immediate attention from network administrators and security teams.
Risk Factors and Details
Affected Products:
- UniFi Access Reader Pro (≤ 2.14.21)
- UniFi Access G2 Reader Pro (≤ 1.10.32)
- UniFi Access G3 Reader Pro (≤ 1.10.30)
- UniFi Access Intercom (≤ 1.7.28)
- UniFi Access G3 Intercom (≤ 1.7.29)
- UniFi Access Intercom Viewer (≤ 1.3.20)
Impact: Complete system compromise
Exploit Prerequisites:
- Network access to the UniFi Access management network
- No authentication required
- No user interaction needed
- Low attack complexity
CVSS 3.1 Score: 9.8 (Critical)
Affected Products
The vulnerability affects six distinct UniFi Access product lines at specific firmware versions. UniFi Access Reader Pro devices running version 2.14.21 and earlier are affected, together with UniFi Access G2 Reader Pro (version 1.10.32 and earlier) and UniFi Access G3 Reader Pro (version 1.10.30 and earlier).
Additionally, intercom systems including UniFi Access Intercom (version 1.7.28 and earlier), UniFi Access G3 Intercom (version 1.7.29 and earlier), and UniFi Access Intercom Viewer (version 1.3.20 and earlier) are vulnerable.
Organizations using these devices in their physical security infrastructure face potential unauthorized access to building management systems, surveillance networks, and access control mechanisms.
The broad range of affected products suggests that numerous enterprise environments may be at risk. Ubiquiti has released firmware updates to address the vulnerability across all affected product lines.
Network administrators should immediately update UniFi Access Reader Pro to version 2.15.9 or later, UniFi Access G2 Reader Pro to version 1.11.23 or later, and UniFi Access G3 Reader Pro to version 1.11.22 or later.
For intercom systems, the updates include UniFi Access Intercom and UniFi Access G3 Intercom to version 1.8.22 or later, and UniFi Access Intercom Viewer to version 1.4.39 or later.
Organizations should prioritize these updates, given the critical nature of the vulnerability, and implement network segmentation to limit exposure of UniFi Access management networks until patches are applied.
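The affected and fixed versions listed above are easy to misread when checking an inventory by hand, so the following is an added example (not code from the article or from Ubiquiti) that triages a device list against them. The version table is taken from the advisory summary in this article; the device inventory is constructed for illustration, and any firmware between the last known-affected and the first fixed release is reported as unverified, since the advisory says nothing about those builds.

```python
# Last known-affected (<=) and first fixed (>=) firmware per product line,
# as listed in the advisory summary above.
ADVISORY = {
    "UniFi Access Reader Pro":       ("2.14.21", "2.15.9"),
    "UniFi Access G2 Reader Pro":    ("1.10.32", "1.11.23"),
    "UniFi Access G3 Reader Pro":    ("1.10.30", "1.11.22"),
    "UniFi Access Intercom":         ("1.7.28",  "1.8.22"),
    "UniFi Access G3 Intercom":      ("1.7.29",  "1.8.22"),
    "UniFi Access Intercom Viewer":  ("1.3.20",  "1.4.39"),
}


def parse_version(text):
    """'1.10.32' -> (1, 10, 32); tuples compare numerically, so 1.10 > 1.9."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(model, firmware):
    """Classify one device as vulnerable, patched, unverified or not listed."""
    if model not in ADVISORY:
        return "not listed"
    affected_max, fixed_min = ADVISORY[model]
    fw = parse_version(firmware)
    if fw <= parse_version(affected_max):
        return "vulnerable"
    if fw >= parse_version(fixed_min):
        return "patched"
    # Builds between the last affected and first fixed release are not
    # covered by the advisory: treat as vulnerable until confirmed otherwise.
    return "unverified"


def triage(inventory):
    """Return {status: [(name, model, firmware, required_version), ...]}."""
    report = {"vulnerable": [], "unverified": [], "patched": [], "not listed": []}
    for name, model, firmware in inventory:
        status = assess(model, firmware)
        required = ADVISORY[model][1] if model in ADVISORY else None
        report[status].append((name, model, firmware, required))
    return report


# Constructed sample inventory (hypothetical device names and firmware builds)
SAMPLE_INVENTORY = [
    ("lobby-reader-1",  "UniFi Access Reader Pro",     "2.14.21"),
    ("dock-reader-2",   "UniFi Access G2 Reader Pro",  "1.11.23"),
    ("gate-intercom",   "UniFi Access G3 Intercom",    "1.7.30"),
    ("viewer-frontdesk","UniFi Access Intercom Viewer","1.3.5"),
    ("cam-parking",     "UniFi Protect G4 Bullet",     "4.2.0"),
]


if __name__ == "__main__":
    for status, devices in triage(SAMPLE_INVENTORY).items():
        for name, model, fw, required in devices:
            fix = f" -> update to {required} or later" if status in ("vulnerable", "unverified") else ""
            print(f"[{status:>10}] {name}: {model} {fw}{fix}")
```

Running the sample reports the Reader Pro at exactly 2.14.21 as vulnerable (the "≤" in the advisory is inclusive), the G3 Intercom at 1.7.30 as unverified, and the device outside the six product lines as not listed rather than silently marked safe.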