CVE-2025-23117

MEDIUM

UniFi Protect < - Privilege Escalation

Title source: llm

Description

An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.

References (1)

[Release Notes] https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f

Scores

CVSS v3 6.8

EPSS 0.0002

EPSS Percentile 5.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-346

Status draft

Timeline

Published Mar 01, 2025

Tracked Since Feb 18, 2026