PT-2025-30007 · Ubiquiti · Unifi Access
Published: 2025-07-18 · Updated: 2025-08-04 · CVE-2025-27212
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
UniFi Access Reader Pro versions 2.14.21 and earlier
UniFi Access G2 Reader Pro versions 1.10.32 and earlier
UniFi Access G3 Reader Pro versions 1.10.30 and earlier
UniFi Access Intercom versions 1.7.28 and earlier
UniFi Access G3 Intercom versions 1.7.29 and earlier
UniFi Access Intercom Viewer versions 1.3.20 and earlier
Description
Improper input validation in certain UniFi Access devices could allow command injection by a malicious actor with access to the UniFi Access management network. This vulnerability allows for remote code execution (RCE).
Recommendations
Update UniFi Access Reader Pro to version 2.15.9 or later.
Update UniFi Access G2 Reader Pro to version 1.11.23 or later.
Update UniFi Access G3 Reader Pro to version 1.11.22 or later.
Update UniFi Access Intercom to version 1.8.22 or later.
Update UniFi Access G3 Intercom to version 1.8.22 or later.
Update UniFi Access Intercom Viewer to version 1.4.39 or later.
Fix
RCE
Command Injection
Related Identifiers
Affected Products
Doorcam
Unifi Access