CVE-2025-27215_CVE-2025-27215

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Description

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system.

Affected Products:

UniFi Connect Display Cast (Version 1.10.3 and earlier)
UniFi Connect Display Cast Pro (Version 1.0.89 and earlier)
UniFi Connect Display Cast Lite (Version 1.0.3 and earlier)

Mitigation:

Update UniFi Connect Display Cast to Version 1.10.7 or later
Update UniFi Connect Display Cast Pro to Version 1.0.94 or later
Update UniFi Connect Display Cast Lite to Version 1.1.8 or later

Basic Information

ID CVE-2025-27215

Source hackerone

Published Aug 21, 2025 at 00:01

Modified Aug 21, 2025 at 14:46

Affected Product

Vendor Ubiquiti Inc

Product UniFi Connect Display Cast

Version 1.10.7

Affected Versions Ubiquiti Inc UniFi Connect Display Cast 1.10.7
Ubiquiti Inc UniFi Connect Display Cast Pro 1.0.94
Ubiquiti Inc UniFi Connect Display Cast Lite 1.1.8

CWE Classification

CWE-284

References

community.ui.com /releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6

{
    "lastseen": "",
    "description": "An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nUniFi Connect Display Cast (Version 1.10.3 and earlier)\r\nUniFi Connect Display Cast Pro (Version 1.0.89 and earlier)\r\nUniFi Connect Display Cast Lite (Version 1.0.3 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate UniFi Connect Display Cast to Version 1.10.7 or later\r\nUpdate UniFi Connect Display Cast Pro to Version 1.0.94 or later\r\nUpdate UniFi Connect Display Cast Lite to Version 1.1.8 or later",
    "published": "2025-08-21T00:01:24.190Z",
    "modified": "2025-08-21T14:46:44.681Z",
    "type": "cve",
    "title": "CVE-2025-27215",
    "source": "hackerone",
    "references": "https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6",
    "id": "CVE-2025-27215",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Ubiquiti Inc UniFi Connect Display Cast 1.10.7\nUbiquiti Inc UniFi Connect Display Cast Pro 1.0.94\nUbiquiti Inc UniFi Connect Display Cast Lite 1.1.8",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "UniFi Connect Display Cast",
    "version": "1.10.7",
    "vendor": "Ubiquiti Inc",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}