CVE-2025-23118

March 4, 2025, 8:15 p.m.

6.4
Medium

Description

An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.

Product(s) Impacted

Product Versions
UniFi Protect Cameras
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References

https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f

Tags

CWE-295
support@hackerone.com
2025-03-01
CVE-2025-23118

CVSS Score

6.4 / 10

CVSS Data - 3.0

  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: March 1, 2025, 3:15 a.m.
Last Modified: March 4, 2025, 8:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

support@hackerone.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.