CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-23091: An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a...

5.9 CVSS

Description

An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.

Classification

CVE ID: CVE-2025-23091

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.9

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

Vendor: Ubiquiti Inc

Product: UDM

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.76% (scored less or equal to compared to others)

EPSS Date: 2025-03-02 (when was this score calculated)

References

https://community.ui.com/releases/Security-Advisory-Bulletin-045-045/6011bc61-f2eb-457f-b71d-755703817aaf

Timeline

2025-02-02 00:30:12 UTC
CVE

An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a...