CVE-2025-27212
Published 2025-08-04
Priority: P267, critical, 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.19% (64.2th percentile)
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.
Affected Products:
UniFi Access Reader Pro (Version 2.14.21 and earlier)
UniFi Access G2 Reader Pro (Version 1.10.32 and earlier)
UniFi Access G3 Reader Pro (Version 1.10.30 and earlier)
UniFi Access Intercom (Version 1.7.28 and earlier)
UniFi Access G3 Intercom (Version 1.7.29 and earlier)
UniFi Access Intercom Viewer (Version 1.3.20 and earlier)
Mitigation:
Update UniFi Access Reader Pro to Version 2.15.9 or later
Update UniFi Access G2 Reader Pro to Version 1.11.23 or later
Update UniFi Access G3 Reader Pro to Version 1.11.22 or later
Update UniFi Access Intercom to Version 1.8.22 or later
Update UniFi Access G3 Intercom to Version 1.8.22 or later
Update UniFi Access Intercom Viewer to Version 1.4.39 or later
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | openldap-2.4.57-2.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | — | — |
| msrc | openldap-2.4.57-2.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | — | — |
| msrc | openldap-2.4.57-6.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm | — | — |
| msrc | openldap-2.4.57-6.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64 | — | — |
| msrc | openldap-debuginfo-2.4.57-2.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | — | — |
| msrc | openldap-debuginfo-2.4.57-2.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | — | — |
| msrc | openldap-debuginfo-2.4.57-6.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm | — | — |
| msrc | openldap-debuginfo-2.4.57-6.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64 | — | — |
| ubiquiti_inc | unifi_access_g2_reader_pro | >= 1.11.23 < 1.11.23 | 1.11.23 |
| ubiquiti_inc | unifi_access_g3_intercom | >= 1.8.22 < 1.8.22 | 1.8.22 |
| ubiquiti_inc | unifi_access_g3_reader_pro | >= 1.11.22 < 1.11.22 | 1.11.22 |
| ubiquiti_inc | unifi_access_intercom | >= 1.8.22 < 1.8.22 | 1.8.22 |
| ubiquiti_inc | unifi_access_intercom_viewer | >= 1.4.39 < 1.4.39 | 1.4.39 |
| ubiquiti_inc | unifi_access_reader_pro | >= 2.15.9 < 2.15.9 | 2.15.9 |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc: 7.5 HIGH
GHSA
ghsa_unreviewed·2025-08-05
CVE-2025-27212 [CRITICAL] CWE-20 GHSA-pr73-55xw-cpwc: An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access manageme
Microsoft
vendor_msrc·2021-02-09·CVSS 7.5
CVE-2021-27212 [HIGH] CWE-617 In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet resulting in a denial of service (daemon e
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more info
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.