CVE-2025-27213
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-08-22
Assigner: HackerOne
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ubnt | unifi_connect_display_cast_pro | 1.0.78 |
| ubnt | unifi_connect_display_cast_lite | 1.0.3 |
| ubnt | unifi_connect_display_cast | 1.9.301 |
| ubnt | unifi_connect_ev_station_pro | 1.5.18 |
| ubnt | unifi_connect_display | 1.9.324 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Access Control issue in certain UniFi Connect devices. It allows a malicious actor who is authenticated in the device's API to enable Android Debug Bridge (ADB) and make unsupported changes to the system.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker with API access to enable ADB and perform unauthorized modifications to the system, potentially compromising device integrity and security.
What immediate steps should I take to mitigate this vulnerability?
Update the affected UniFi Connect devices to the fixed versions as follows: UniFi Connect EV Station Pro to Version 1.5.27 or later; UniFi Connect Display to Version 1.13.6 or later; UniFi Connect Display Cast to Version 1.10.3 or later; UniFi Connect Display Cast Pro to Version 1.0.83 or later; and UniFi Connect Display Cast Lite to Version 1.1.3 or later.