CVE-2025-27215

Summary

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system.

Affected Products:

UniFi Connect Display Cast (Version 1.10.3 and earlier) UniFi Connect Display Cast Pro (Version 1.0.89 and earlier) UniFi Connect Display Cast Lite (Version 1.0.3 and earlier)

Mitigation:

Update UniFi Connect Display Cast to Version 1.10.7 or later Update UniFi Connect Display Cast Pro to Version 1.0.94 or later Update UniFi Connect Display Cast Lite to Version 1.1.8 or later

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUniFi Connect Display Cast1.10.7 < 1.10.7affected
Ubiquiti IncUniFi Connect Display Cast Pro1.0.94 < 1.0.94affected
Ubiquiti IncUniFi Connect Display Cast Lite1.1.8 < 1.1.8affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References