PT-2025-5809 · Ubiquiti · UniFi Protect Cameras

Published 2025-02-06 · Updated 2025-03-17 · CVE-2025-23115

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

UniFi Protect Cameras (affected versions not specified)

Description

A Use After Free vulnerability could allow Remote Code Execution (RCE) by a malicious actor with access to the UniFi Protect Cameras management network. The issue was found to be actively exploited. It was discovered by Synacktiv and STEALIEN Inc. researchers at Pwn2Own 2025.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Improper Certificate Validation

Improper Authentication

Use After Free


Related Identifiers

BDU:2025-02004
BDU:2025-02005
BDU:2025-02006
BDU:2025-02007
BDU:2025-02008
CVE-2025-23115

Affected Products

UniFi Protect Cameras