Ubiquiti UniFi Door Access App Vulnerability Exposes API Management Without Authentication

Ubiquiti UniFi Door Access App Vulnerability Exposes API Management Without Authentication

Posted on By CWS

Ubiquiti’s UniFi Entry software has been discovered weak to a crucial flaw that leaves its administration API uncovered with out authentication.

Found by Catchify Safety, this difficulty permits malicious actors on the administration community to probably take full management of door entry techniques, elevating alarms for organizations counting on the platform for bodily safety.

The vulnerability stems from a misconfiguration launched in model 3.3.22 of the UniFi Entry app. With out correct safeguards, attackers may manipulate API endpoints to change entry controls, unlock doorways, or disrupt operations.

This publicity turns a routine community entry right into a gateway for unauthorized adjustments, particularly in environments the place bodily and digital safety intersect.

UniFi Door Entry App Vulnerability

CVE-2025-52665 impacts the UniFi Entry Software particularly, concentrating on variations from 3.3.22 to three.4.31.

The flaw allows network-based exploitation with no privileges required, amplifying its hazard in related setups like company places of work or good buildings.

Ubiquiti acknowledged the problem, noting it was patched in model 4.0.21, urging fast updates to stop exploitation.

Safety researchers at Catchify Safety (@catchifySA) highlighted how the unauthenticated API may result in cascading failures, comparable to unauthorized entry or information leaks from built-in techniques.

Rated at an ideal CVSS v3.1 rating of 10.0, this crucial vulnerability poses excessive dangers throughout confidentiality, integrity, and availability.

Attackers want solely community entry, making it easy for insiders or those that’ve breached perimeter defenses.

CVE IDAffected ProductsCVSS v3.1 Base ScoreVector StringDescriptionCVE-2025-52665UniFi Entry Software (v3.3.22 – 3.4.31)10.0 (Important)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HUnauthenticated API publicity permitting full administration management.

Ubiquiti recommends updating to model 4.0.21 or later as the first mitigation. Organizations ought to audit community configurations and monitor for uncommon API exercise within the interim.

This incident underscores the necessity for sturdy authentication in IoT and entry management software program.

Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Critical Juniper Networks Flaw Risks PTX Series Routers Critical Juniper Networks Flaw Risks PTX Series Routers Cyber Security News
New EggStreme Malware With Fileless Capabilities Leverages DLL Sideloading to Execute Payloads New EggStreme Malware With Fileless Capabilities Leverages DLL Sideloading to Execute Payloads Cyber Security News
GlassWorm Campaign Expands via Malicious VSX Extensions GlassWorm Campaign Expands via Malicious VSX Extensions Cyber Security News
React Native’s Metro Server Targeted by Hackers React Native’s Metro Server Targeted by Hackers Cyber Security News
DuckDuckGo Rolls Out New Scam Blocker to Protect Users from Online Threats DuckDuckGo Rolls Out New Scam Blocker to Protect Users from Online Threats Cyber Security News
New ClickFix Attack Mimic as AnyDesk Leverages Windows Search to Drop MetaStealer New ClickFix Attack Mimic as AnyDesk Leverages Windows Search to Drop MetaStealer Cyber Security News