CVE-2025-27212

An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Access Reader Pro (Version 2.14.21 and earlier) UniFi Access G2 Reader Pro (Version 1.10.32 and earlier) UniFi Access G3 Reader Pro (Version 1.10.30 and earlier) UniFi Access Intercom (Version 1.7.28 and earlier) UniFi Access G3 Intercom (Version 1.7.29 and earlier) UniFi Access Intercom Viewer (Version 1.3.20 and earlier) Mitigation: Update UniFi Access Reader Pro Version 2.15.9 or later Update UniFi Access G2 Reader Pro Version 1.11.23 or later Update UniFi Access G3 Reader Pro Version 1.11.22 or later Update UniFi Access Intercom Version 1.8.22 or later Update UniFi Access G3 Intercom Version 1.8.22 or later Update UniFi Access Intercom Viewer Version 1.4.39 or later

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://community.ui.com/releases/Security-Advisory-Bulletin-051-051/583fa6e1-3d85-42ec-a453-651d1653c9b3

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-04 23:15

Updated : 2025-08-05 14:34

NVD link : CVE-2025-27212

Mitre link : CVE-2025-27212

CVE.ORG link : CVE-2025-27212

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2025-27212", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-08-04T23:15:27.963", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-051-051/583fa6e1-3d85-42ec-a453-651d1653c9b3", "source": "support@hackerone.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.\r\n\r\n \r\n\r\nAffected Products:\r\nUniFi Access Reader Pro (Version 2.14.21 and earlier)\r\nUniFi Access G2 Reader Pro (Version 1.10.32 and earlier)\r\nUniFi Access G3 Reader Pro (Version 1.10.30 and earlier)\r\nUniFi Access Intercom (Version 1.7.28 and earlier)\r\nUniFi Access G3 Intercom (Version 1.7.29 and earlier)\r\nUniFi Access Intercom Viewer (Version 1.3.20 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\nUpdate UniFi Access Reader Pro Version 2.15.9 or later\r\nUpdate UniFi Access G2 Reader Pro Version 1.11.23 or later\r\nUpdate UniFi Access G3 Reader Pro Version 1.11.22 or later\r\nUpdate UniFi Access Intercom Version 1.8.22 or later\r\nUpdate UniFi Access G3 Intercom Version 1.8.22 or later\r\nUpdate UniFi Access Intercom Viewer Version 1.4.39 or later"}, {"lang": "es", "value": "Una validaci\u00f3n de entrada incorrecta en ciertos dispositivos UniFi Access podr\u00eda permitir una inyecci\u00f3n de comandos por parte de un actor malicioso con acceso a la red de administraci\u00f3n de UniFi Access. Productos afectados: UniFi Access Reader Pro (versi\u00f3n 2.14.21 y anteriores) UniFi Access G2 Reader Pro (versi\u00f3n 1.10.32 y anteriores) UniFi Access G3 Reader Pro (versi\u00f3n 1.10.30 y anteriores) UniFi Access Intercom (versi\u00f3n 1.7.28 y anteriores) UniFi Access G3 Intercom (versi\u00f3n 1.7.29 y anteriores) UniFi Access Intercom Viewer (versi\u00f3n 1.3.20 y anteriores) Mitigaci\u00f3n: Actualizar UniFi Access Reader Pro versi\u00f3n 2.15.9 o posterior Actualizar UniFi Access G2 Reader Pro versi\u00f3n 1.11.23 o posterior Actualizar UniFi Access G3 Reader Pro versi\u00f3n 1.11.22 o posterior Actualizar UniFi Access Intercom versi\u00f3n 1.8.22 o posterior Actualizar UniFi Access G3 Intercom versi\u00f3n 1.8.22 o posterior Actualizar UniFi Access Intercom Viewer versi\u00f3n 1.4.39 o posterior"}], "lastModified": "2025-08-05T14:34:17.327", "sourceIdentifier": "support@hackerone.com"}