CVE-2025-48978

HIGH

EdgeMAX EdgeSwitch <1.11.1 - Command Injection

Title source: llm

Description

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Affected Products: EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) Mitigation: Update the EdgeMAX EdgeSwitch to Version 1.11.1 or later.

References (1)

Core 1

Core References

Release Notes

https://community.ui.com/releases/Security-Advisory-Bulletin-054-054/3033f0b7-aca6-4d70-8c51-d3e706bd0ca7

Scores

CVSS v3 7.5

EPSS 0.0069

EPSS Percentile 47.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

Ubiquiti Inc/EdgeMAX EdgeSwitch 1.11.1

Published Aug 21, 2025

Tracked Since Feb 18, 2026