CVE-2025-27212 - Ubiquiti UniFi Access Command Injection Vulnerability

CVE ID : CVE-2025-27212

Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago

Description : An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.

Affected Products:
UniFi Access Reader Pro (Version 2.14.21 and earlier)
UniFi Access G2 Reader Pro (Version 1.10.32 and earlier)
UniFi Access G3 Reader Pro (Version 1.10.30 and earlier)
UniFi Access Intercom (Version 1.7.28 and earlier)
UniFi Access G3 Intercom (Version 1.7.29 and earlier)
UniFi Access Intercom Viewer (Version 1.3.20 and earlier)

Mitigation:
Update UniFi Access Reader Pro Version 2.15.9 or later
Update UniFi Access G2 Reader Pro Version 1.11.23 or later
Update UniFi Access G3 Reader Pro Version 1.11.22 or later
Update UniFi Access Intercom Version 1.8.22 or later
Update UniFi Access G3 Intercom Version 1.8.22 or later
Update UniFi Access Intercom Viewer Version 1.4.39 or later

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-27212 – Ubiquiti UniFi Access Command Injection Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-4648 – Centreon Web Reflected Cross-Site Scripting (XSS)

Multiple Vulnerabilities in NETSCOUT nGeniusONE Threaten Infrastructure Visibility Platforms

Perficient Recognized by Leading Analyst Firm for Automotive and Mobility Expertise

CVE-2025-54887 – jwe JSON Web Encryption Authentication Tag Brute Force Vulnerability

Windows 0-Day Vulnerability Exploited in the Wild to Deploy Play Ransomware

CVE-2025-9180 – “Firefox/Thunderbird Same-Origin Policy Bypass in Graphics: Canvas2D”

CVE-2025-8499 – Code-Projects Online Medicine Guide SQL Injection Vulnerability

CVE-2025-7465 – Tenda FH1201 HTTP POST Request Handler Buffer Overflow

CVE-2025-27212 – Ubiquiti UniFi Access Command Injection Vulnerability

Related Posts