Ubiquiti UniFi Door Access App Vulnerability Exposes API Management Without Authentication

Ubiquiti UniFi Door Access App Vulnerability Exposes API Management Without Authentication

Posted on By CWS

Ubiquiti’s UniFi Entry software has been discovered weak to a crucial flaw that leaves its administration API uncovered with out authentication.

Found by Catchify Safety, this difficulty permits malicious actors on the administration community to probably take full management of door entry techniques, elevating alarms for organizations counting on the platform for bodily safety.

The vulnerability stems from a misconfiguration launched in model 3.3.22 of the UniFi Entry app. With out correct safeguards, attackers may manipulate API endpoints to change entry controls, unlock doorways, or disrupt operations.

This publicity turns a routine community entry right into a gateway for unauthorized adjustments, particularly in environments the place bodily and digital safety intersect.

UniFi Door Entry App Vulnerability

CVE-2025-52665 impacts the UniFi Entry Software particularly, concentrating on variations from 3.3.22 to three.4.31.

The flaw allows network-based exploitation with no privileges required, amplifying its hazard in related setups like company places of work or good buildings.

Ubiquiti acknowledged the problem, noting it was patched in model 4.0.21, urging fast updates to stop exploitation.

Safety researchers at Catchify Safety (@catchifySA) highlighted how the unauthenticated API may result in cascading failures, comparable to unauthorized entry or information leaks from built-in techniques.

Rated at an ideal CVSS v3.1 rating of 10.0, this crucial vulnerability poses excessive dangers throughout confidentiality, integrity, and availability.

Attackers want solely community entry, making it easy for insiders or those that’ve breached perimeter defenses.

CVE IDAffected ProductsCVSS v3.1 Base ScoreVector StringDescriptionCVE-2025-52665UniFi Entry Software (v3.3.22 – 3.4.31)10.0 (Important)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HUnauthenticated API publicity permitting full administration management.

Ubiquiti recommends updating to model 4.0.21 or later as the first mitigation. Organizations ought to audit community configurations and monitor for uncommon API exercise within the interim.

This incident underscores the necessity for sturdy authentication in IoT and entry management software program.

Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

How to Use Threat Intelligence to Enhance Cybersecurity Operations How to Use Threat Intelligence to Enhance Cybersecurity Operations Cyber Security News
Arkana Ransomware Claimed to Have Stolen 2.2 Million Customer Records Arkana Ransomware Claimed to Have Stolen 2.2 Million Customer Records Cyber Security News
Microsoft Bookings Vulnerability Let Attackers Alter the Meeting Details Microsoft Bookings Vulnerability Let Attackers Alter the Meeting Details Cyber Security News
Proxyware Malware Disguised as Notepad++ Tool Leverages Windows Explorer Process to Hijack Systems Proxyware Malware Disguised as Notepad++ Tool Leverages Windows Explorer Process to Hijack Systems Cyber Security News
US to Offer Million Reward for Details About RedLine Malware Developer US to Offer $10 Million Reward for Details About RedLine Malware Developer Cyber Security News
Hackers Exploit DFIR Tool Velociraptor In Ransomware Attacks Hackers Exploit DFIR Tool Velociraptor In Ransomware Attacks Cyber Security News