Ubiquiti UniFi Door Access App Vulnerability Exposes API Management Without Authentication

Posted on By CWS

Ubiquiti’s UniFi Entry software has been discovered weak to a crucial flaw that leaves its administration API uncovered with out authentication.

Found by Catchify Safety, this difficulty permits malicious actors on the administration community to probably take full management of door entry techniques, elevating alarms for organizations counting on the platform for bodily safety.

The vulnerability stems from a misconfiguration launched in model 3.3.22 of the UniFi Entry app. With out correct safeguards, attackers may manipulate API endpoints to change entry controls, unlock doorways, or disrupt operations.

This publicity turns a routine community entry right into a gateway for unauthorized adjustments, particularly in environments the place bodily and digital safety intersect.

UniFi Door Entry App Vulnerability

CVE-2025-52665 impacts the UniFi Entry Software particularly, concentrating on variations from 3.3.22 to three.4.31.

The flaw allows network-based exploitation with no privileges required, amplifying its hazard in related setups like company places of work or good buildings.

Ubiquiti acknowledged the problem, noting it was patched in model 4.0.21, urging fast updates to stop exploitation.

Safety researchers at Catchify Safety (@catchifySA) highlighted how the unauthenticated API may result in cascading failures, comparable to unauthorized entry or information leaks from built-in techniques.

Rated at an ideal CVSS v3.1 rating of 10.0, this crucial vulnerability poses excessive dangers throughout confidentiality, integrity, and availability.

Attackers want solely community entry, making it easy for insiders or those that’ve breached perimeter defenses.

CVE IDAffected ProductsCVSS v3.1 Base ScoreVector StringDescriptionCVE-2025-52665UniFi Entry Software (v3.3.22 – 3.4.31)10.0 (Important)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HUnauthenticated API publicity permitting full administration management.

Ubiquiti recommends updating to model 4.0.21 or later as the first mitigation. Organizations ought to audit community configurations and monitor for uncommon API exercise within the interim.

This incident underscores the necessity for sturdy authentication in IoT and entry management software program.

Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Charging Cable that Hacks your Device to Record Keystrokes and Control Wi-Fi Cyber Security News
Windows DWM 0-Day Vulnerability Allows Attackers to Escalate Privileges Cyber Security News
Kimwolf Android Botnet Hijacked 1.8 Million Android Devices Worldwide Cyber Security News
Hackers Actively Exploiting ArrayOS AG VPN Vulnerability to Deploy Webshells Cyber Security News
SCATTERED SPIDER Using Aggressive Social Engineering Techniques to Deceive IT Support Teams Cyber Security News
Lumma Infostealer Malware Attacks Users to Steal Browser Cookies, Cryptocurrency Wallets and VPN/RDP Accounts Cyber Security News