CVE-2025-23091
published 2025-02-01

Priority: P4, 30
CVSS 3.0: 5.9 (medium), vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.19% (9.1th percentile)

An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | efg | >= 4.1.13 < 4.1.13 | 4.1.13 |
| ubiquiti_inc | ucg-max | >= 4.1.13 < 4.1.13 | 4.1.13 |
| ubiquiti_inc | uck | >= 4.1.11 < 4.1.11 | 4.1.11 |
| ubiquiti_inc | uck-enterprise | >= 4.1.11 < 4.1.11 | 4.1.11 |
| ubiquiti_inc | uckp | >= 4.1.11 < 4.1.11 | 4.1.11 |
| ubiquiti_inc | udm | >= 4.1.13 < 4.1.13 | 4.1.13 |
| ubiquiti_inc | udm-pro | >= 4.1.13 < 4.1.13 | 4.1.13 |
| ubiquiti_inc | udm-pro-max | >= 4.1.13 < 4.1.13 | 4.1.13 |
| ubiquiti_inc | udm-se | >= 4.1.13 < 4.1.13 | 4.1.13 |
| ubiquiti_inc | udw | >= 4.1.13 < 4.1.13 | 4.1.13 |
| ubiquiti_inc | unvr | >= 4.1.11 < 4.1.11 | 4.1.11 |
| ubiquiti_inc | unvr_pro | >= 4.1.11 < 4.1.11 | 4.1.11 |