CVE-2025-24292
published 2025-06-29

Priority: P339, medium
CVSS 3.0: 6.8 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
EPSS: 0.31% (22.8th percentile)

A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile.

Affected

1 range
Vendor | Product | Version range | Fixed in
ubiquiti_inc | unifi_network_application | >= 9.2.87 < 9.2.87 | 9.2.87