CVE-2025-27212

CRITICAL

UniFi Access <2.14.21-1.10.32-1.7.28 - Command Injection

Title source: llm

Description

An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Access Reader Pro (Version 2.14.21 and earlier) UniFi Access G2 Reader Pro (Version 1.10.32 and earlier) UniFi Access G3 Reader Pro (Version 1.10.30 and earlier) UniFi Access Intercom (Version 1.7.28 and earlier) UniFi Access G3 Intercom (Version 1.7.29 and earlier) UniFi Access Intercom Viewer (Version 1.3.20 and earlier) Mitigation: Update UniFi Access Reader Pro Version 2.15.9 or later Update UniFi Access G2 Reader Pro Version 1.11.23 or later Update UniFi Access G3 Reader Pro Version 1.11.22 or later Update UniFi Access Intercom Version 1.8.22 or later Update UniFi Access G3 Intercom Version 1.8.22 or later Update UniFi Access Intercom Viewer Version 1.4.39 or later

References (1)

Core 1

Core References

Release Notes

https://community.ui.com/releases/Security-Advisory-Bulletin-051-051/583fa6e1-3d85-42ec-a453-651d1653c9b3

Scores

CVSS v3 9.8

EPSS 0.0119

EPSS Percentile 64.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-20 CWE-77

Status published

Products (6)

Ubiquiti Inc/UniFi Access G2 Reader Pro 1.11.23

Ubiquiti Inc/UniFi Access G3 Intercom 1.8.22

Ubiquiti Inc/UniFi Access G3 Reader Pro 1.11.22

Ubiquiti Inc/UniFi Access Intercom 1.8.22

Ubiquiti Inc/UniFi Access Intercom Viewer 1.4.39

Ubiquiti Inc/UniFi Access Reader Pro 2.15.9

Published Aug 04, 2025

Tracked Since Feb 18, 2026