CVE-2025-23123
Published 2025-05-19
Priority: P2 (69) · Severity: critical · CVSS 3.0 score: 10
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.07% (60.5th percentile)
A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | unifi_protect_cameras | >= 4.75.62 < 4.75.62 | 4.75.62 |
Detection & IOCs (extracted from sources)
- CVE-2025-23123 is a heap buffer overflow in UniFi Protect Camera firmware (version 4.75.43 and earlier) exploitable by a network-adjacent attacker on the management network to achieve remote code execution via malformed requests.
- Restrict or monitor access to the UniFi Protect Camera management network; malformed/anomalous requests to management interfaces from unexpected sources should be treated as suspicious.
- Vulnerability affects UniFi Protect Cameras running firmware version 4.75.43 and earlier; ensure version scope is confirmed before applying detections.
No detection rules found.
No public exploits indexed.