CVE-2025-27215

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected Products: UniFi Connect Display Cast (Version 1.10.3 and earlier) UniFi Connect Display Cast Pro (Version 1.0.89 and earlier) UniFi Connect Display Cast Lite (Version 1.0.3 and earlier) Mitigation: Update UniFi Connect Display Cast to Version 1.10.7 or later Update UniFi Connect Display Cast Pro to Version 1.0.94 or later Update UniFi Connect Display Cast Lite to Version 1.1.8 or later

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-21 01:15

Updated : 2025-08-22 18:09

NVD link : CVE-2025-27215

Mitre link : CVE-2025-27215

CVE.ORG link : CVE-2025-27215

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

{"id": "CVE-2025-27215", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2025-08-21T01:15:35.773", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6", "source": "support@hackerone.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nUniFi Connect Display Cast (Version 1.10.3 and earlier)\r\nUniFi Connect Display Cast Pro (Version 1.0.89 and earlier)\r\nUniFi Connect Display Cast Lite (Version 1.0.3 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate UniFi Connect Display Cast to Version 1.10.7 or later\r\nUpdate UniFi Connect Display Cast Pro to Version 1.0.94 or later\r\nUpdate UniFi Connect Display Cast Lite to Version 1.1.8 or later"}, {"lang": "es", "value": "Un control de acceso inadecuado podr\u00eda permitir que un agente malicioso autenticado en la API de ciertos dispositivos UniFi Connect Display Cast realice cambios no compatibles en el sistema. Productos afectados: UniFi Connect Display Cast (versi\u00f3n 1.10.3 y anteriores), UniFi Connect Display Cast Pro (versi\u00f3n 1.0.89 y anteriores), UniFi Connect Display Cast Lite (versi\u00f3n 1.0.3 y anteriores). Mitigaci\u00f3n: Actualizar UniFi Connect Display Cast a la versi\u00f3n 1.10.7 o posterior. Actualizar UniFi Connect Display Cast Pro a la versi\u00f3n 1.0.94 o posterior. Actualizar UniFi Connect Display Cast Lite a la versi\u00f3n 1.1.8 o posterior."}], "lastModified": "2025-08-22T18:09:17.710", "sourceIdentifier": "support@hackerone.com"}