CVE-2025-23091

Summary

An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUDM4.1.13 < 4.1.13affected
Ubiquiti IncUDM-Pro4.1.13 < 4.1.13affected
Ubiquiti IncUDM-SE4.1.13 < 4.1.13affected
Ubiquiti IncUDM-Pro-Max4.1.13 < 4.1.13affected
Ubiquiti IncUDW4.1.13 < 4.1.13affected
Ubiquiti IncUNVR4.1.11 < 4.1.11affected
Ubiquiti IncUNVR PRO4.1.11 < 4.1.11affected
Ubiquiti IncUCKP4.1.11 < 4.1.11affected
Ubiquiti IncUCK4.1.11 < 4.1.11affected
Ubiquiti IncUCK-Enterprise4.1.11 < 4.1.11affected
Ubiquiti IncUCG-Max4.1.13 < 4.1.13affected
Ubiquiti IncEFG4.1.13 < 4.1.13affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References