Ubiquiti Inc Uisp Application vulnerabilities
4 known vulnerabilities affecting ubiquiti_inc/uisp_application.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1LOW1
Vulnerabilities
Page 1 of 1
CVE-2025-24290P2CRITICALCVSS 9.9≥ 2.4.211, < 2.4.2112025-06-29
CVE-2025-24290 [CRITICAL] CWE-89 CVE-2025-24290: Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and
Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.
nvd
CVE-2025-27216P3HIGHCVSS 8.8≥ 2.4.220, < 2.4.2202025-08-21
CVE-2025-27216 [HIGH] CWE-732 CVE-2025-27216: Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malic
Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges.
nvd
CVE-2025-27217P3CRITICALCVSS 9.1≥ 2.4.220, < 2.4.2202025-08-21
CVE-2025-27217 [CRITICAL] CWE-918 CVE-2025-27217: A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certai
A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope.
nvd
CVE-2025-48979P4LOWCVSS 3.4≥ 2.4.220, < 2.4.2202025-08-29
CVE-2025-48979 [LOW] CWE-77 CVE-2025-48979: An Improper Input Validation in UISP Application could allow a Command Injection by a malicious acto
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.
nvd