PT-2025-43553 · Ubiquiti · Unifi Access
Published: 2025-10-23 · Updated: 2026-03-18 · CVE-2025-52665
CVSS v3.1: 10 (Critical) | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
UniFi Access Application versions 3.3.22 through 3.4.31
Description
A misconfiguration in the UniFi Access application exposes a management API that does not require authentication, allowing unauthorized access. An attacker with access to the management network could exploit this issue. Approximately 90,000 instances have been identified as exposed worldwide. The issue allows for remote code execution (RCE) and potentially impacts both digital and physical security by allowing manipulation of door access systems and network infiltration.
Recommendations
Update your UniFi Access Application to Version 4.0.21 or later.
Fix
RCE
Missing Authentication
Improper Authentication
Affected Products
Unifi Access