cbcvebase.
CVE-2025-23123
published 2025-05-19

CVE-2025-23123: A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the…

PriorityP269critical10CVSS 3.0
AVNACLPRNUINSCCHIHAH
EPSS
1.07%
60.5th percentile
A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware.

Affected

1 ranges
VendorProductVersion rangeFixed in
ubiquiti_incunifi_protect_cameras>= 4.75.62 < 4.75.624.75.62

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2025-23123 is a heap buffer overflow in UniFi Protect Camera firmware (version 4.75.43 and earlier) exploitable by a network-adjacent attacker on the management network to achieve remote code execution via malformed requests.
  • Restrict or monitor access to the UniFi Protect Camera management network; malformed/anomalous requests to management interfaces from unexpected sources should be treated as suspicious.
  • ·Vulnerability affects UniFi Protect Cameras running firmware version 4.75.43 and earlier; ensure version scope is confirmed before applying detections.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.