CVE-2024-42025

Name of the Vulnerable Software and Affected Versions UniFi Network Application versions 8.3.32 and earlier

Description A Command Injection issue allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. This issue affects Self-Hosted UniFi Network Servers running on Linux.

Recommendations For versions 8.3.32 and earlier, update to a version later than 8.3.32 to resolve the issue. As a temporary workaround, consider restricting access to the unifi user shell to minimize the risk of exploitation.