CVE-2025-27212 – Ubiquiti UniFi Access Command Injection Vulnerability

The following table lists the changes that have been made to the
CVE-2025-27212 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Aug. 04, 2025

    Action: Added
    Type: Description
    Old Value: (none)
    New Value: An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.

    Affected Products:
    UniFi Access Reader Pro (Version 2.14.21 and earlier)
    UniFi Access G2 Reader Pro (Version 1.10.32 and earlier)
    UniFi Access G3 Reader Pro (Version 1.10.30 and earlier)
    UniFi Access Intercom (Version 1.7.28 and earlier)
    UniFi Access G3 Intercom (Version 1.7.29 and earlier)
    UniFi Access Intercom Viewer (Version 1.3.20 and earlier)

    Mitigation:
    Update UniFi Access Reader Pro to Version 2.15.9 or later
    Update UniFi Access G2 Reader Pro to Version 1.11.23 or later
    Update UniFi Access G3 Reader Pro to Version 1.11.22 or later
    Update UniFi Access Intercom to Version 1.8.22 or later
    Update UniFi Access G3 Intercom to Version 1.8.22 or later
    Update UniFi Access Intercom Viewer to Version 1.4.39 or later

    Action: Added
    Type: Reference
    Old Value: (none)
    New Value: https://community.ui.com/releases/Security-Advisory-Bulletin-051-051/583fa6e1-3d85-42ec-a453-651d1653c9b3
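
An added example (not part of the advisory or of any Ubiquiti tooling): a firmware inventory check against the version thresholds listed above. The inventory rows, hostnames and function names are constructed; versions that fall between the last affected and the first fixed release are reported separately because the advisory does not classify them.

```python
# Added example: classify device firmware against the CVE-2025-27212 advisory.
# Thresholds come from the advisory text; everything else is constructed.
ADVISORY = {  # model -> (last affected version, first fixed version)
    "UniFi Access Reader Pro":      ("2.14.21", "2.15.9"),
    "UniFi Access G2 Reader Pro":   ("1.10.32", "1.11.23"),
    "UniFi Access G3 Reader Pro":   ("1.10.30", "1.11.22"),
    "UniFi Access Intercom":        ("1.7.28", "1.8.22"),
    "UniFi Access G3 Intercom":     ("1.7.29", "1.8.22"),
    "UniFi Access Intercom Viewer": ("1.3.20", "1.4.39"),
}

def parse_version(text):
    """Turn '1.10.32' into (1, 10, 32) so that 1.10.x sorts above 1.9.x."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(model, version):
    """Return 'affected', 'fixed', 'unlisted-version' or 'unlisted-model'."""
    if model not in ADVISORY:
        return "unlisted-model"
    last_affected, first_fixed = ADVISORY[model]
    v = parse_version(version)
    if v <= parse_version(last_affected):
        return "affected"
    if v >= parse_version(first_fixed):
        return "fixed"
    # Between the two thresholds the advisory makes no statement.
    return "unlisted-version"

def audit(inventory):
    """inventory: iterable of (hostname, model, version) tuples."""
    return [(h, m, v, classify(m, v)) for h, m, v in inventory]

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = [
    ("lobby-reader", "UniFi Access Reader Pro", "2.14.21"),
    ("dock-reader", "UniFi Access G2 Reader Pro", "1.9.40"),
    ("gate-intercom", "UniFi Access G3 Intercom", "1.8.22"),
    ("front-viewer", "UniFi Access Intercom Viewer", "1.4.2"),
    ("other-device", "Example Other Device", "4.2.1"),
]

if __name__ == "__main__":
    for host, model, ver, status in audit(SAMPLE_INVENTORY):
        print(f"{host:14} {model:30} {ver:9} {status}")
```

Devices reported as `unlisted-version` or `unlisted-model` need a manual check against the vendor bulletin rather than being assumed safe.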