CVE-2025-27212

{"id": "CVE-2025-27212", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-08-04T23:15:27.963", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-051-051/583fa6e1-3d85-42ec-a453-651d1653c9b3", "source": "support@hackerone.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.\r\n\r\n \r\n\r\nAffected Products:\r\nUniFi Access Reader Pro (Version 2.14.21 and earlier)\r\nUniFi Access G2 Reader Pro (Version 1.10.32 and earlier)\r\nUniFi Access G3 Reader Pro (Version 1.10.30 and earlier)\r\nUniFi Access Intercom (Version 1.7.28 and earlier)\r\nUniFi Access G3 Intercom (Version 1.7.29 and earlier)\r\nUniFi Access Intercom Viewer (Version 1.3.20 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\nUpdate UniFi Access Reader Pro Version 2.15.9 or later\r\nUpdate UniFi Access G2 Reader Pro Version 1.11.23 or later\r\nUpdate UniFi Access G3 Reader Pro Version 1.11.22 or later\r\nUpdate UniFi Access Intercom Version 1.8.22 or later\r\nUpdate UniFi Access G3 Intercom Version 1.8.22 or later\r\nUpdate UniFi Access Intercom Viewer Version 1.4.39 or later"}, {"lang": "es", "value": "Una validaci\u00f3n de entrada incorrecta en ciertos dispositivos UniFi Access podr\u00eda permitir una inyecci\u00f3n de comandos por parte de un actor malicioso con acceso a la red de administraci\u00f3n de UniFi Access. Productos afectados: UniFi Access Reader Pro (versi\u00f3n 2.14.21 y anteriores) UniFi Access G2 Reader Pro (versi\u00f3n 1.10.32 y anteriores) UniFi Access G3 Reader Pro (versi\u00f3n 1.10.30 y anteriores) UniFi Access Intercom (versi\u00f3n 1.7.28 y anteriores) UniFi Access G3 Intercom (versi\u00f3n 1.7.29 y anteriores) UniFi Access Intercom Viewer (versi\u00f3n 1.3.20 y anteriores) Mitigaci\u00f3n: Actualizar UniFi Access Reader Pro versi\u00f3n 2.15.9 o posterior Actualizar UniFi Access G2 Reader Pro versi\u00f3n 1.11.23 o posterior Actualizar UniFi Access G3 Reader Pro versi\u00f3n 1.11.22 o posterior Actualizar UniFi Access Intercom versi\u00f3n 1.8.22 o posterior Actualizar UniFi Access G3 Intercom versi\u00f3n 1.8.22 o posterior Actualizar UniFi Access Intercom Viewer versi\u00f3n 1.4.39 o posterior"}], "lastModified": "2025-08-05T14:34:17.327", "sourceIdentifier": "support@hackerone.com"}