Ubiquiti UniFi Protect Cameras Vulnerable to Remote Hijacking: Critical Security Advisory Issued

February 21, 2025

Ubiquiti, a prominent network equipment provider, has issued a critical security warning about numerous vulnerabilities detected in its UniFi Protect camera line. These vulnerabilities were identified by several security researchers involved in the Pwn2Own competition run by the Zero Day Initiative. The vulnerabilities range from remote code execution to authentication bypass, potentially leaving user systems exposed to cyber threats.

One of the most serious vulnerabilities, designated as CVE-2025-23115, enables remote code execution (RCE). This vulnerability, with a CVSS v3.0 base score of 9.0 (Critical), could allow a malicious entity with access to the camera's management network to fully control the device.

Another critical vulnerability, known as CVE-2025-23116, permits authentication bypass when the Auto-Adopt Bridge Devices feature is activated. This vulnerability, with a CVSS v3.0 base score of 9.6 (Critical), could allow a threat actor on the camera's adjacent network to take over the device. Ubiquiti has also addressed three medium-rated vulnerabilities.

Ubiquiti is urging users to upgrade their UniFi Protect Cameras to version 4.74.106 or later and their UniFi Protect Application to version 5.2.49 or later to mitigate these vulnerabilities. As network-connected devices become more common, it is essential for users and organizations to stay alert and take the necessary precautions to protect their systems from potential threats.
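To check a fleet against the fixed versions named above, the following added example (not Ubiquiti's code) audits a device inventory and flags anything below 4.74.106 (cameras) or 5.2.49 (application). The CSV layout, column names, device names and sample versions are constructed for illustration; the `auto_adopt_bridge` column is a hypothetical field recording whether the Auto-Adopt Bridge Devices feature is enabled.

```python
import csv
import io
import re

# Minimum fixed versions stated in the advisory text above.
FIXED = {"camera": (4, 74, 106), "application": (5, 2, 49)}

# Constructed sample inventory; column names are hypothetical.
SAMPLE_INVENTORY = """name,kind,version,auto_adopt_bridge
lobby-cam,camera,4.74.106,no
dock-cam,camera,4.73.71,yes
yard-cam,camera,v4.75.2-beta,no
nvr-app,application,5.2.46,yes
lab-cam,camera,unknown,no
"""

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not parseable."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def audit(inventory_csv):
    """Yield (name, status, note) for every row in the inventory."""
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        minimum = FIXED.get(row["kind"])
        version = parse_version(row["version"])
        if minimum is None or version is None:
            # Unknown versions are treated as unverified, never as patched.
            yield row["name"], "UNVERIFIED", "cannot compare version " + row["version"]
        elif version >= minimum:  # numeric tuple compare, so 4.9.x < 4.74.x
            yield row["name"], "OK", "at or above fixed version"
        else:
            note = "upgrade to %d.%d.%d or later" % minimum
            if row["auto_adopt_bridge"] == "yes":
                note += "; Auto-Adopt Bridge Devices enabled (CVE-2025-23116 condition)"
            yield row["name"], "VULNERABLE", note

def summarize(inventory_csv):
    """Map each device name to its audit status."""
    return {name: status for name, status, _ in audit(inventory_csv)}

if __name__ == "__main__":
    for name, status, note in audit(SAMPLE_INVENTORY):
        print(f"{name:10} {status:11} {note}")
```

Versions are compared as integer tuples rather than strings, and any row whose version cannot be parsed is reported as unverified instead of being assumed patched.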
