CVE-2025-27212
BaseFortify

Publication date: 2025-08-04

Last updated on: 2025-08-05

Assigner: HackerOne

Description
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to the UniFi Access management network.

Affected Products:
UniFi Access Reader Pro (Version 2.14.21 and earlier)
UniFi Access G2 Reader Pro (Version 1.10.32 and earlier)
UniFi Access G3 Reader Pro (Version 1.10.30 and earlier)
UniFi Access Intercom (Version 1.7.28 and earlier)
UniFi Access G3 Intercom (Version 1.7.29 and earlier)
UniFi Access Intercom Viewer (Version 1.3.20 and earlier)

Mitigation:
Update UniFi Access Reader Pro to Version 2.15.9 or later
Update UniFi Access G2 Reader Pro to Version 1.11.23 or later
Update UniFi Access G3 Reader Pro to Version 1.11.22 or later
Update UniFi Access Intercom to Version 1.8.22 or later
Update UniFi Access G3 Intercom to Version 1.8.22 or later
Update UniFi Access Intercom Viewer to Version 1.4.39 or later

Meta Information
Published: 2025-08-04
Last Modified: 2025-08-05
Generated: 2026-05-07
AI Q&A: 2025-08-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
ubnt unifi_access_g3_intercom 1.7.29
ubnt unifi_access_g2_reader_pro 1.10.32
ubnt unifi_access_intercom 1.7.28
ubnt unifi_access_intercom_viewer 1.3.20
ubnt unifi_access_reader_pro 2.14.21
ubnt unifi_access_g3_reader_pro 1.10.30
CWE
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Improper Input Validation issue in certain UniFi Access devices that could allow a malicious actor with access to the UniFi Access management network to perform Command Injection.


How can this vulnerability impact me?

If exploited, this vulnerability could allow an attacker with access to the UniFi Access management network to execute arbitrary commands on the affected devices, potentially leading to unauthorized control or disruption of the device's operation.


What immediate steps should I take to mitigate this vulnerability?

Update the affected UniFi Access devices to the specified fixed versions or later: UniFi Access Reader Pro to version 2.15.9 or later, UniFi Access G2 Reader Pro to version 1.11.23 or later, UniFi Access G3 Reader Pro to version 1.11.22 or later, UniFi Access Intercom to version 1.8.22 or later, UniFi Access G3 Intercom to version 1.8.22 or later, and UniFi Access Intercom Viewer to version 1.4.39 or later.

