CVE-2025-23123

Published May 19, 2025

Last updated 2 months ago

CVSS critical 10.0
Ubiquiti UniFi

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-23123 is a heap buffer overflow vulnerability found in Ubiquiti UniFi Protect Cameras with firmware version 4.75.43 and earlier. A malicious actor with access to the management network could exploit this vulnerability to achieve remote code execution (RCE). Successful exploitation could allow attackers to deploy malware, manipulate video feeds, or move laterally across connected networks. The vulnerability is located in the UniFi Protect Cameras firmware. To mitigate this vulnerability, users are urged to update their UniFi Protect Cameras to version 4.75.62 or later.

Description: A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware.
Source: support@hackerone.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.0

Type: Secondary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Social media

Hype score: Not currently trending
  1. #Vulnerability #cameravulnerability CVE-2025-23123 (CVSS 10): Critical UniFi Protect Cameras Flaw Demands Immediate Updates https://t.co/591M3LpqtD

    @Komodosec | 2 Jul 2025 | 12 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  2. 🚨 CVE-2025-23123 A heap buffer overflow in UniFi Protect Cameras (v4.75.43 and earlier) allows Remote Code Execution (RCE) on the management network. CVSS: 10.0 (Critical) Vendor: Ubiquiti 📅 Published: 2025-05-19 🔗 https://t.co/BNWRsXM4Oz #CyberSecurity #CVE #RCE #IoTSe

    @BaseFortify | 19 May 2025 | 15 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  3. CVE-2025-23123 UniFi Protect Camera Firmware Remote Code Execution Vulnerability... https://t.co/Halyy4ppqX Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x

    @VulmonFeeds | 19 May 2025 | 47 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  4. [CVE-2025-23123: CRITICAL] Beware of UniFi Protect Cameras vulnerabilities! A remote code execution threat lurks in firmware versions 4.75.43 and earlier due to a heap buffer overflow flaw. #cybersecurity#cve,CVE-2025-23123,#cybersecurity https://t.co/lQQ6DOrvB6 https://t.co/sLRJ

    @CveFindCom | 19 May 2025 | 131 Impressions | 0 Retweets | 1 Like | 0 Bookmarks | 0 Replies | 1 Quote

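  5. CVE-2025-23123 (CVSS 10): Critical UniFi Protect Cameras flaw demands immediate updates. This vulnerability allows threat actors to achieve arbitrary code execution, potentially enabling full compromise of the camera system, eavesdropping, unauthorized surveillance operations, or pivoting to other parts of the secure network https://t.co/I3eaFPjeiH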

    @chenze654321 | 13 May 2025 | 21 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  6. ⚠️⚠️ CVE-2025-23123: CVSS 10.0 Vulnerability Found in Ubiquiti UniFi Protect Cameras 🎯65k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/VpDiPbI5Rn FOFA Query:app="UNIFI-Camera" 🔖Refer:https://t.co/eX6p0P8kut #OSINT #FOFA #

    @fofabot | 12 May 2025 | 1999 Impressions | 12 Retweets | 15 Likes | 7 Bookmarks | 0 Replies | 0 Quotes

  7. 🚨Alert🚨 CVE-2025-23123:Critical RCE Flaw in UniFi Protect Cameras 📊15.1K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/dgO8MKBWAW 👇Query HUNTER : https://t.co/q9rtuGgxk7="UniFi Protect" FOFA : product="UniFi-Protect" SHODAN :

    @HunterMapping | 12 May 2025 | 2906 Impressions | 22 Retweets | 57 Likes | 20 Bookmarks | 0 Replies | 0 Quotes

  8. ⚠️ Vulnerability Alert: Ubiquiti UniFi Protect Vulnerabilities 📅 Timeline: Disclosure: 2025-05-08, Patch: 2025-05-09 🆔 cveId: CVE-2025-23164 (medium), CVE-2025-23123 (critical) 📊 baseScore: 4.4 (CVE-2025-23164), 10.0 (CVE-2025-23123) 📏 cvssMetrics:

    @syedaquib77 | 9 May 2025 | 34 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  9. A critical vulnerability (CVE-2025-23123) in Ubiquiti UniFi Protect cameras allows remote code execution via a heap overflow on firmware ≤4.75.43, exploitable over the network without authentication. Stay updated! 🚨 #SecurityAlert #Ubiquiti https://t.co/zKVnJfEChj

    @TweetThreatNews | 9 May 2025 | 99 Impressions | 0 Retweets | 1 Like | 0 Bookmarks | 0 Replies | 0 Quotes

  10. ⚡️The vulnerability details are now available: https://t.co/Tpn7DToa3Y 🚨🚨CVE-2025-23123 (CVSS 10) hits UniFi Protect Cameras with a critical RCE flaw! Malicious actors with management network access can exploit a heap buffer overflow to seize FULL control. ZoomEye ht

    @zoomeye_team | 8 May 2025 | 599 Impressions | 1 Retweet | 8 Likes | 1 Bookmark | 0 Replies | 0 Quotes