CVE-2025-27214
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-08-22
Assigner: HackerOne
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ubiquiti | unifi_connect_ev_station_pro | 1.5.18 |
| ubiquiti | unifi_connect_ev_station_pro | 1.5.27 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authentication for Critical Function flaw (CWE-306) in the UniFi Connect EV Station Pro. It allows a malicious actor who has physical or adjacent access to the device to perform an unauthorized factory reset without proper authentication.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an attacker with physical or nearby access to reset your UniFi Connect EV Station Pro device to factory settings without authorization. This could lead to loss of configuration, potential service disruption, and unauthorized changes to the device.
What immediate steps should I take to mitigate this vulnerability?
Update UniFi Connect EV Station Pro to version 1.5.27 or later to mitigate the vulnerability.