CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-23118: An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network...

6.4 CVSS

Description

An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.

Classification

CVE ID: CVE-2025-23118

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.4

CVSS Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor: Ubiquiti Inc

Product: UniFi Protect Cameras

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 0.79% (scored less or equal to compared to others)

EPSS Date: 2025-03-29 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23118
https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f

Timeline