CVE-2025-24292
published 2025-06-29CVE-2025-24292: A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a…
PriorityP339medium6.8CVSS 3.0
AVNACHPRNUINSCCHINAN
EPSS
0.31%
22.8th percentile
A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | unifi_network_application | >= 9.2.87 < 9.2.87 | 9.2.87 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-22558 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-22558 [HIGH] CVE-2026-22558 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22558 :
Ubiquiti UniFi vulnerability analysis and mitigation
An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.
Source : NVD
## 7.7
Score
Published March 19, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
Ubiquiti UniFi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:ui:unifi_network_application
Sources
NVD
Linux Severity HIGH Has Fix Added at: Mar 20, 2026
Windows Severity HIGH Has Fix Added at: Mar 20, 2026
## Get a CVE risk assessment
Get a prioritiz
Wiz
CVE-2026-22557 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-22557 [HIGH] CVE-2026-22557 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22557 :
Ubiquiti UniFi vulnerability analysis and mitigation
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
Source : NVD
## 10
Score
Published March 19, 2026
Severity CRITICAL
CNA Score 10.0
Affected Technologies
Ubiquiti UniFi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:ui:unifi_network_application
Sources
NVD
Linux Severity CRITICAL Has Fix Added at: Mar 20, 2026
Windows Severity CRITICAL Has Fix Added
2025-06-29
Published