Unifi Protect: Critical vulnerabilities in cameras and management interface

Attackers with access to the local network can take over surveillance cameras and inject their own code, warns Ubiquiti. Updates are available.


There are critical security gaps in the cameras from the Unifi Protect product range and the associated management interface. Attackers can use them to change settings on the devices and even execute their own commands.

Unifi manufacturer Ubiquiti has disclosed a total of five security vulnerabilities in a security advisory:

  • CVE-2025-23116 (CVSS 9.6, critical) allows attackers, under certain conditions, to circumvent authentication in the Unifi Protect Application and remotely control cameras
  • CVE-2025-23115 (CVSS 9.0, critical), a "Use After Free" vulnerability, could be used by attackers to inject their own code into a camera without prior login
  • CVE-2025-23119 (CVSS 7.5, high) provides another way for a logged-in attacker to execute code on a Unifi camera
  • CVE-2025-23117 (CVSS 6.8, medium) was assigned for insufficient verification of firmware updates, allowing attackers to tamper with cameras without authorization
  • CVE-2025-23118 (CVSS 6.4, medium): Insufficient certificate validation allows an attacker with a valid user ID to make unauthorized changes to cameras


The vulnerabilities affect all versions of the Unifi Protect Cameras up to and including 4.74.88, and the Unifi Protect Application in version 5.2.46 or earlier.

Admins should switch to the bug-fixed versions. For the Unifi Protect Application this is version 5.2.49 or newer; for the cameras, version 4.74.106 is at least less buggy. The last time the manufacturer reported serious security vulnerabilities in one of its products was in October 2024.
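An inventory check against the version bounds named above, as an added example that is not part of the original article or any Ubiquiti tooling. The CSV layout, the device-kind labels and the status names are assumptions made for this sketch; versions that fall between the affected and fixed bounds are reported as "unlisted" because the article makes no statement about them. Versions are compared numerically, since a plain string comparison would rank 4.74.106 below 4.74.88.

```python
import csv
import io

# Version bounds taken from the article; the kind labels are chosen for this example.
THRESHOLDS = {
    "camera": {"affected_max": (4, 74, 88), "fixed_min": (4, 74, 106)},
    "application": {"affected_max": (5, 2, 46), "fixed_min": (5, 2, 49)},
}

def parse_version(text):
    """Turn '4.74.106' into (4, 74, 106); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(kind, version_text):
    """Return 'affected', 'fixed', 'unlisted' or 'unknown' for one device."""
    limits = THRESHOLDS.get(kind)
    if limits is None:
        return "unknown"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # needs manual review rather than a silent pass
    if version <= limits["affected_max"]:
        return "affected"
    if version >= limits["fixed_min"]:
        return "fixed"
    return "unlisted"  # between the two bounds: the article does not cover it

def triage(inventory_csv):
    """Map device name to status from CSV text with name,kind,version columns."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["name"]: classify(row["kind"], row["version"]) for row in reader}

# Constructed sample inventory (hypothetical device names, not real devices).
SAMPLE = """name,kind,version
front-door,camera,4.74.88
garage,camera,4.74.106
lobby,camera,4.74.95
nvr-app,application,5.2.46
nvr-app-new,application,5.2.49
attic,camera,v4.x-custom
"""

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name}: {status}")
```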

(cku)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.