Ubiquiti UniFi Vulnerability Lets Hackers Inject Malicious Commands
A critical security vulnerability has been discovered in Ubiquiti’s UniFi Access devices that could allow malicious actors to inject and execute arbitrary commands on affected systems.
The vulnerability, designated as CVE-2025-27212, affects multiple UniFi Access products and carries a maximum CVSS score of 9.8, indicating its severe nature and potential for widespread exploitation.
Vulnerability Details and Attack Vector
The security flaw stems from improper input validation within certain UniFi Access devices, creating a pathway for command injection attacks.
| Attribute | Details |
| CVE Identifier | CVE-2025-27212 |
| Publication Date | July 16, 2025 |
| CVSS v3.0 Base Score | 9.8 (Critical) |
Security researchers Bongeun Koo and Junhyung Cho, who discovered the vulnerability, demonstrated that attackers with access to the UniFi Access management network could exploit this weakness to execute malicious commands on targeted devices.
The vulnerability’s high severity rating reflects its potential impact across enterprise environments where UniFi Access systems are commonly deployed for physical access control.
The flaw allows attackers to bypass normal security controls and potentially gain unauthorized access to sensitive areas or systems protected by these devices.
Affected Products and Versions
The vulnerability impacts six distinct UniFi Access product lines, each with specific vulnerable version ranges.
The affected devices include access readers, intercoms, and related hardware that organizations rely on for comprehensive access control solutions.
| Product | Vulnerable Versions | Fixed Versions |
| UniFi Access Reader Pro | 2.14.21 and earlier | 2.15.9 or later |
| UniFi Access G2 Reader Pro | 1.10.32 and earlier | 1.11.23 or later |
| UniFi Access G3 Reader Pro | 1.10.30 and earlier | 1.11.22 or later |
| UniFi Access Intercom | 1.7.28 and earlier | 1.8.22 or later |
| UniFi Access G3 Intercom | 1.7.29 and earlier | 1.8.22 or later |
| UniFi Access Intercom Viewer | 1.3.20 and earlier | 1.4.39 or later |
Ubiquiti has released security updates for all affected products, and organizations should prioritize immediate deployment of these patches.
The company’s Security Advisory Bulletin 051 provides comprehensive guidance for system administrators managing these devices.
Given the critical nature of this vulnerability and the potential for unauthorized access to physical security systems, organizations using UniFi Access devices should implement emergency patching procedures and conduct thorough security assessments to ensure no unauthorized access has occurred.
Get Free Ultimate SOC Requirements Checklist Before you build, buy, or switch your SOC for 2025 - Download Now
Source link
