CVE-2025-52665

Published Oct 31, 2025

Last updated 6 days ago

CVSS critical 10.0
UniFi Access

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-52665 is a Remote Code Execution (RCE) vulnerability that exists in the UniFi Access Application. A malicious actor with access to the management network could exploit a misconfiguration in UniFi's door access application, UniFi Access, that exposed a management API without proper authentication. The vulnerability affects UniFi Access Application versions 3.3.22 through 3.4.31. To mitigate this vulnerability, it is recommended to update your UniFi Access Application to version 4.0.21 or later.

Description
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later.

Affected Products: UniFi Access Application (Version 3.3.22 through 3.4.31).

Mitigation: Update your UniFi Access Application to Version 4.0.21 or later.

Source: support@hackerone.com

NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

CWE-306 (source: 134c704f-9b21-4f2e-91b3-4a467353bcc0)

Social media

Hype score
Not currently trending
  1. [Translation] CVE-2025-52665: remote code execution in Unifi Access ($25,000) https://t.co/2si9osD4Ku https://t.co/gKHdIeMisq

    @VulnersHub

    10 Nov 2025


  2. 🚨 UniFi OS Backup API RCE — CVE-2025-52665 🚨​ Security researchers disclosed a critical unauthenticated remote-code-execution vulnerability in Ubiquiti’s UniFi OS ecosystem. Criminal IP has found over 90,000 instances exposed worldwide — check the blog for mitigati

    @CriminalIP_US

    10 Nov 2025


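  3. 🚨 UniFi OS Backup API RCE vulnerability: CVE-2025-52665 🚨 A critical vulnerability that allows remote code execution without authentication has been disclosed in Ubiquiti's UniFi OS ecosystem. Found through Criminal IP, exposed worldwide, more than 90,000 inst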

    @CriminalIP_KR

    10 Nov 2025


  4. A CVSS 10.0 flaw in Ubiquiti’s UniFi Access system exposes both digital and physical entry points — literally. John and Lou unpack CVE-2025-52665, a critical vulnerability that lets attackers manipulate door access systems and infiltrate management networks. Learn why this on

    @john_video

    8 Nov 2025


  5. In this episode of IT SPARC Cast - CVE of The Week, @john_Video and @loudoggeek dive deep into CVE-2025-52665, a critical 10.0 CVSS vulnerability impacting Ubiquiti’s UniFi Access Management API. This flaw blends physical security and cybersecurity risks — allowing https://t.

    @ITSPARCCast

    7 Nov 2025


  6. 🚨 Critical flaw in UniFi Access exposes risk of total compromise! A new vulnerability (CVE-2025-52665) was discovered in the UniFi Access Application, allowing remote code execution (RCE) and full control of the system. The problem lies in an exposed backup endpoint

    @brainworkblog

    5 Nov 2025


  7. 🚨 CVE-2025-52665 - critical 🚨 UniFi Access - Broken Access Control > UniFi Access Application 3.3.22 through 3.4.31 contains a broken authentication cause... 👾 https://t.co/HGGehM4ddw @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    5 Nov 2025


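  8. CVE-2025-52665 found in Ubiquiti's access control software "UniFi Access". Unauthenticated API access is possible via the management network. Rated critical at CVSS 10.0 (the maximum). Affects v3.4.31-3.3.22, fixed in 4.0.21 / In the management API of the access control product "UniFi Access", auth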

    @__su888

    4 Nov 2025


  9. 🚨 UniFi OS: unauthenticated RCE (CVE-2025-52665) confirmed. This critical flaw allows an attacker to take full control of UniFi devices without credentials or user interaction. Detect exposed unifi os with Criminal IP and

    @CriminalIP_JP

    4 Nov 2025


  10. 🔥 Urgent: UniFi OS — CVE-2025-52665 (Unauthenticated RCE) 🔥 This critical vulnerability allows an attacker to gain full control of UniFi devices without credentials or user interaction. Immediate inspection is required. 🔎 Criminal IP detection: 91,613 instances Searc

    @CriminalIP_US

    4 Nov 2025


  11. 🔥 UniFi OS urgent warning: CVE-2025-52665 (unauthenticated RCE) 🔥 This vulnerability allows an attacker to take full control of UniFi devices without credentials or user interaction. Check immediately! 🔎 Criminal IP detection:

    @CriminalIP_KR

    4 Nov 2025


  12. CVE-2025-52665 - RCE in Unifi Access ($25,000) https://t.co/sO3RRKQQAg

    @Dinosn

    3 Nov 2025


  13. 🚨🚨CVE-2025-52665 (CVSS 10.0): RCE in UniFi OS A malicious actor on the management network could exploit a UniFi Access misconfiguration exposing an unauthenticated management API. Search by vul.cve Filter👉vul.cve="CVE-2025-52665" ZoomEye Dork👉app="UniFi OS" 279.8k+ l

    @zoomeye_team

    3 Nov 2025


  14. 🔴 Proud to share our latest finding CVE-2025-52665 (RCE) in UniFi OS, scored 10.0 CVSS, discovered with @3zizMe_ at @CatchifySA . https://t.co/MKxcxsaivb Enjoy!

    @Omarzzu

    2 Nov 2025


  15. New write-up: CVE-2025-52665 (RCE) in UniFi OS by @CatchifySA . https://t.co/EKbyHvr3d5 Enjoy! #infose

    @3zizMe_

    2 Nov 2025


  16. CVE-2025-52665 Unauthenticated API Access Vulnerability in UniFi Access Applicat... https://t.co/nGbaHJYKvH Customizable Vulnerability Alerts: https://t.co/U7998fz7yk

    @VulmonFeeds

    31 Oct 2025


  17. CVE-2025-52665 A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management A… https://t.co/HBzFHi5uzK

    @CVEnew

    31 Oct 2025


  18. Awarded $25,000 (max bounty) by Ubiquiti for a Remote Code Execution (RCE) in UniFi Access Application via @Hacker0x01. CVE: CVE-2025-52665 (assigned). Patch is live → https://t.co/gstpJ1OmkA Huge thanks to the Ubiquiti security team. Full research will be published by the

    @3zizMe_

    23 Oct 2025
