CVE-2025-23091

{"id": "CVE-2025-23091", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "support@hackerone.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2025-02-01T07:15:08.277", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-045-045/6011bc61-f2eb-457f-b71d-755703817aaf", "source": "support@hackerone.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update."}, {"lang": "es", "value": "Una validaci\u00f3n de certificado incorrecta en dispositivos UniFi OS, con Identity Enterprise configurado, podr\u00eda permitir que un actor malintencionado ejecute un ataque de intermediario (MitM) durante la actualizaci\u00f3n de la aplicaci\u00f3n."}], "lastModified": "2025-03-13T13:15:57.990", "sourceIdentifier": "support@hackerone.com"}