CVE-2025-52665P1CRITICALCVSS 10.0ExploitedPoC≥ 3.3.22, < 4.0.212025-10-31
CVE-2025-52665 [CRITICAL] CWE-306 CVE-2025-52665: A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later.
Affected Products:
UniFi Access Application (Version 3
nvd