CVE-2025-23164

Summary

A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream subsequent to such link becoming disabled.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUniFi Protect Application5.3.45 < 5.3.45affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References