Ubiquiti UniFi Door Access App Vulnerability Exposes API Management Without Authentication

Posted on By CWS

Ubiquiti’s UniFi Entry software has been discovered weak to a crucial flaw that leaves its administration API uncovered with out authentication.

Found by Catchify Safety, this difficulty permits malicious actors on the administration community to probably take full management of door entry techniques, elevating alarms for organizations counting on the platform for bodily safety.

The vulnerability stems from a misconfiguration launched in model 3.3.22 of the UniFi Entry app. With out correct safeguards, attackers may manipulate API endpoints to change entry controls, unlock doorways, or disrupt operations.

This publicity turns a routine community entry right into a gateway for unauthorized adjustments, particularly in environments the place bodily and digital safety intersect.

UniFi Door Entry App Vulnerability

CVE-2025-52665 impacts the UniFi Entry Software particularly, concentrating on variations from 3.3.22 to three.4.31.

The flaw allows network-based exploitation with no privileges required, amplifying its hazard in related setups like company places of work or good buildings.

Ubiquiti acknowledged the problem, noting it was patched in model 4.0.21, urging fast updates to stop exploitation.

Safety researchers at Catchify Safety (@catchifySA) highlighted how the unauthenticated API may result in cascading failures, comparable to unauthorized entry or information leaks from built-in techniques.

Rated at an ideal CVSS v3.1 rating of 10.0, this crucial vulnerability poses excessive dangers throughout confidentiality, integrity, and availability.

Attackers want solely community entry, making it easy for insiders or those that’ve breached perimeter defenses.

CVE IDAffected ProductsCVSS v3.1 Base ScoreVector StringDescriptionCVE-2025-52665UniFi Entry Software (v3.3.22 – 3.4.31)10.0 (Important)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HUnauthenticated API publicity permitting full administration management.

Ubiquiti recommends updating to model 4.0.21 or later as the first mitigation. Organizations ought to audit community configurations and monitor for uncommon API exercise within the interim.

This incident underscores the necessity for sturdy authentication in IoT and entry management software program.

Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Hackers Exploited Samsung Galaxy S25 0-Day Vulnerability to Enable Camera and Track Location Cyber Security News
Microsoft Defender for Office 365 New Dashboard to Provide More Details Across a Range of Threat Vectors Cyber Security News
Threat Actors Weaponizes AI Generated Summaries With Malicious Payload to Execute Ransomware Cyber Security News
Palo Alto Networks, Zscaler, Jaguar Land Rover, and Cyber Attacks Cyber Security News
GitHub Enhances NPM’s Security with Strict Authentication, Granular Tokens, and  Trusted Publishing Cyber Security News
New Web3 Phishing Attack Leverages Fake AI Platforms to Steal Usernames and Passwords Cyber Security News