CVE-2025-27212_CVE-2025-27212

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.

Affected Products:
UniFi Access Reader Pro (Version 2.14.21 and earlier)
UniFi Access G2 Reader Pro (Version 1.10.32 and earlier)
UniFi Access G3 Reader Pro (Version 1.10.30 and earlier)
UniFi Access Intercom (Version 1.7.28 and earlier)
UniFi Access G3 Intercom (Version 1.7.29 and earlier)
UniFi Access Intercom Viewer (Version 1.3.20 and earlier)

Mitigation:
Update UniFi Access Reader Pro Version 2.15.9 or later
Update UniFi Access G2 Reader Pro Version 1.11.23 or later
Update UniFi Access G3 Reader Pro Version 1.11.22 or later
Update UniFi Access Intercom Version 1.8.22 or later
Update UniFi Access G3 Intercom Version 1.8.22 or later
Update UniFi Access Intercom Viewer Version 1.4.39 or later

Basic Information

ID CVE-2025-27212

Source hackerone

Published Aug 4, 2025 at 22:12

Modified Aug 5, 2025 at 13:33

Affected Product

Vendor Ubiquiti Inc

Product UniFi Access Reader Pro

Version 2.15.9

Affected Versions Ubiquiti Inc UniFi Access Reader Pro 2.15.9
Ubiquiti Inc UniFi Access G2 Reader Pro 1.11.23
Ubiquiti Inc UniFi Access G3 Reader Pro 1.11.22
Ubiquiti Inc UniFi Access Intercom 1.8.22
Ubiquiti Inc UniFi Access G3 Intercom 1.8.22
Ubiquiti Inc UniFi Access Intercom Viewer 1.4.39

CWE Classification

CWE-20 CWE-77

References

community.ui.com /releases/Security-Advisory-Bulletin-051-051/583fa6e1-3d85-42ec-a453-651d1653c9b3

{
    "lastseen": "",
    "description": "An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.\r\n\r\n \r\n\r\nAffected Products:\r\nUniFi Access Reader Pro (Version 2.14.21 and earlier)\r\nUniFi Access G2 Reader Pro (Version 1.10.32 and earlier)\r\nUniFi Access G3 Reader Pro (Version 1.10.30 and earlier)\r\nUniFi Access Intercom (Version 1.7.28 and earlier)\r\nUniFi Access G3 Intercom (Version 1.7.29 and earlier)\r\nUniFi Access Intercom Viewer (Version 1.3.20 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\nUpdate UniFi Access Reader Pro Version 2.15.9 or later\r\nUpdate UniFi Access G2 Reader Pro Version 1.11.23 or later\r\nUpdate UniFi Access G3 Reader Pro Version 1.11.22 or later\r\nUpdate UniFi Access Intercom Version 1.8.22 or later\r\nUpdate UniFi Access G3 Intercom Version 1.8.22 or later\r\nUpdate UniFi Access Intercom Viewer Version 1.4.39 or later",
    "published": "2025-08-04T22:12:18.820Z",
    "modified": "2025-08-05T13:33:09.184Z",
    "type": "cve",
    "title": "CVE-2025-27212",
    "source": "hackerone",
    "references": "https://community.ui.com/releases/Security-Advisory-Bulletin-051-051/583fa6e1-3d85-42ec-a453-651d1653c9b3",
    "id": "CVE-2025-27212",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Ubiquiti Inc UniFi Access Reader Pro 2.15.9\nUbiquiti Inc UniFi Access G2 Reader Pro 1.11.23\nUbiquiti Inc UniFi Access G3 Reader Pro 1.11.22\nUbiquiti Inc UniFi Access Intercom 1.8.22\nUbiquiti Inc UniFi Access G3 Intercom 1.8.22\nUbiquiti Inc UniFi Access Intercom Viewer 1.4.39",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "UniFi Access Reader Pro",
    "version": "2.15.9",
    "vendor": "Ubiquiti Inc",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}