CVE-2025-23116

An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge Devices enabled could allow a malicious actor with access to UniFi Protect Cameras adjacent network to take control of UniFi Protect Cameras.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f

Configurations

No configuration.

History

04 Mar 2025, 20:15

Type	Values Removed	Values Added
CWE		CWE-287
Summary		(es) Una vulnerabilidad de omisión de autenticación en la aplicación UniFi Protect con dispositivos de puente de adopción automática habilitados podría permitir que un actor malicioso con acceso a la red adyacente de cámaras UniFi Protect tome el control de dichas cámaras.

01 Mar 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-01 03:15

Updated : 2025-03-04 20:15

NVD link : CVE-2025-23116

Mitre link : CVE-2025-23116

CVE.ORG link : CVE-2025-23116

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

9.6 /10