CVE-2025-23164

Published May 19, 2025

Last updated a month ago

CVSS medium 4.4

Overview

Description
A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream subsequent to such link becoming disabled.
Source
support@hackerone.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.0

Type
Secondary
Base score
4.4
Impact score
3.6
Exploitability score
0.7
Vector string
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Social media

Hype score
Not currently trending

  1. ⚠️ Vulnerability Alert: Ubiquity UniFi Protect Vulnerabilities 📅 Timeline: Disclosure: 2025-05-08, Patch: 2025-05-09 🆔 cveId: CVE-2025-23164 (medium), CVE-2025-23123 (critical) 📊 baseScore: 4.4 (CVE-2025-23164), 10.0 (CVE-2025-23123) 📏 cvssMetrics:

    @syedaquib77

    9 May 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.