Multiple vulnerabilities in Ubiquiti Networks UniFi Protect Cameras and Application
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2025-23118 CVE-2025-23116 CVE-2025-23115 CVE-2025-23117 CVE-2025-23119 |
| CWE-ID | CWE-295 CWE-306 CWE-416 CWE-346 CWE-150 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
UniFi Protect Cameras Hardware solutions / Security hardware applicances UniFi Protect Application Other software / Other software solutions |
| Vendor | Ubiquiti Networks |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Improper Certificate Validation
EUVDB-ID: #VU111111
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-23118
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to improper certificate validation within the ubnt_avclient component. A remote administrator on the local network can make unsupported changes to the camera system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsUniFi Protect Cameras: 4.74.88 and previous versions
CPE2.3- cpe:2.3:h:ubiquiti_networks:unifi_protect_cameras:*:*:*:*:*:*:*:*
- cpe:2.3:h:ubiquiti_networks:unifi_protect_cameras:4.74.88:*:*:*:*:*:*:*
https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f
https://www.zerodayinitiative.com/advisories/ZDI-25-376/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Missing Authentication for Critical Function
EUVDB-ID: #VU111122
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-23116
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the lack of authentication prior to allowing access to functionality within the handling of bridge device adoption requests. A remote attacker on the local network can bypass authentication and disclose credentials for accessing connected devices.
MitigationInstall updates from vendor's website.
Vulnerable software versionsUniFi Protect Application: 5.2.46 and previous versions
CPE2.3- cpe:2.3:a:ubiquiti_networks:unifi_protect_application:*:*:*:*:*:*:*:*
- cpe:2.3:a:ubiquiti_networks:unifi_protect_application:5.2.46:*:*:*:*:*:*:*
https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f
https://www.zerodayinitiative.com/advisories/ZDI-25-378/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU111121
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-23115
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsUniFi Protect Cameras: 4.74.88 and previous versions
CPE2.3- cpe:2.3:h:ubiquiti_networks:unifi_protect_cameras:*:*:*:*:*:*:*:*
- cpe:2.3:h:ubiquiti_networks:unifi_protect_cameras:4.74.88:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Origin validation error
EUVDB-ID: #VU111120
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-23117
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to insufficient firmware update validation. A remote administrator on the local network can make unsupported changes to the camera system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsUniFi Protect Cameras: 4.74.88 and previous versions
CPE2.3- cpe:2.3:h:ubiquiti_networks:unifi_protect_cameras:*:*:*:*:*:*:*:*
- cpe:2.3:h:ubiquiti_networks:unifi_protect_cameras:4.74.88:*:*:*:*:*:*:*
https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f
https://www.zerodayinitiative.com/advisories/ZDI-25-379/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Neutralization of Escape, Meta, or Control Sequences
EUVDB-ID: #VU111119
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-23119
CWE-ID:
CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient neutralization of special characters within the processing of DHCP packet options. A remote attacker on the local network can execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsUniFi Protect Cameras: 4.74.88 and previous versions
CPE2.3- cpe:2.3:h:ubiquiti_networks:unifi_protect_cameras:*:*:*:*:*:*:*:*
- cpe:2.3:h:ubiquiti_networks:unifi_protect_cameras:4.74.88:*:*:*:*:*:*:*
https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f
https://www.zerodayinitiative.com/advisories/ZDI-25-377/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
