Description
An improper certificate validation vulnerability on UniFi OS devices with Identity Enterprise configured could allow a malicious actor to execute a man-in-the-middle (MitM) attack during an application update.
Scores
CVSS v3: 5.9
EPSS: 0.0014
EPSS Percentile: 34.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-295
Status: published
Products (12)
Ubiquiti Inc/EFG: 4.1.13
Ubiquiti Inc/UCG-Max: 4.1.13
Ubiquiti Inc/UCK: 4.1.11
Ubiquiti Inc/UCK-Enterprise: 4.1.11
Ubiquiti Inc/UCKP: 4.1.11
Ubiquiti Inc/UDM: 4.1.13
Ubiquiti Inc/UDM-Pro: 4.1.13
Ubiquiti Inc/UDM-Pro-Max: 4.1.13
Ubiquiti Inc/UDM-SE: 4.1.13
Ubiquiti Inc/UDW: 4.1.13
... and 2 more
Published: Feb 01, 2025
Tracked Since: Feb 18, 2026