CVE-2025-27217
📋 TL;DR
This Server-Side Request Forgery (SSRF) vulnerability in the UISP Application allows authenticated attackers to make unauthorized requests to internal systems and external networks. It affects organizations running vulnerable versions of UISP Application, potentially exposing internal services and infrastructure to attackers with certain permissions.
💻 Affected Systems
- UISP Application
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access internal services, exfiltrate sensitive data, pivot to other systems, or perform attacks against internal infrastructure using the UISP server as a proxy.
Likely Case
Unauthorized access to internal APIs, metadata services, or cloud instance metadata leading to credential theft and lateral movement within the network.
If Mitigated
Limited impact with proper network segmentation, egress filtering, and authentication controls preventing unauthorized access to sensitive internal resources.
🎯 Exploit Status
Exploitation requires authenticated access with specific permissions. The vulnerability allows making requests outside the intended scope of the application.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.220
Vendor Advisory: https://community.ui.com/releases/UISP-Application-2-4-220/b428b276-c4a6-4b90-b97b-1860ff2bb46d
Restart Required: Yes
Instructions:
1. Backup current UISP configuration.
2. Download UISP Application version 2.4.220 from the official UI website.
3. Follow the upgrade instructions for your deployment method (Docker, bare metal, etc.).
4. Restart the UISP service after upgrade.
5. Verify the upgrade was successful.
🔧 Temporary Workarounds
Network Segmentation
Restrict outbound network access from UISP servers to only required destinations.
Permission Restriction
Review and minimize user permissions within UISP Application to limit potential attackers.
🧯 If You Can't Patch
- Implement strict network egress filtering to prevent UISP servers from accessing internal services
- Monitor for unusual outbound connections from UISP servers and implement rate limiting
🔍 How to Verify
Check if Vulnerable:
Check the UISP Application version in the web interface under Settings > System > About, or run `docker ps` to check the container image version if using a Docker deployment.
Check Version:
In UISP web interface: Settings > System > About, or for Docker: docker ps --filter "name=uisp" --format "table {{.Image}}\t{{.Names}}"
Verify Fix Applied:
Verify version shows 2.4.220 or higher in the UISP web interface, and test that SSRF functionality is properly restricted.
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from UISP server
- Requests to internal IP ranges or metadata services
- Multiple failed authentication attempts followed by SSRF-like requests
Network Indicators:
- UISP server making requests to unexpected internal services
- Traffic to cloud metadata endpoints (169.254.169.254, etc.)
- Outbound connections to non-standard ports
SIEM Query:
source="uisp" AND (dest_ip IN (RFC1918_RANGES) OR dest_ip="169.254.169.254") AND http_method IN ("GET","POST")
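The network indicators above (internal destinations, the cloud metadata endpoint, non-standard egress ports) applied to egress log lines, as an added example that is not part of this advisory or of UISP. The key=value log format and the sample lines are constructed for illustration; the "expected" port set is an assumption to adjust per site.

```python
import ipaddress
import re

# RFC 1918 private ranges and the cloud instance-metadata address named in the
# advisory's detection section. Assumed watch list; extend with site-specific ranges.
PRIVATE_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
METADATA_ENDPOINT = ipaddress.ip_address("169.254.169.254")
# Egress ports considered normal for a UISP server (assumption); others are flagged.
EXPECTED_PORTS = {80, 443}

# Hypothetical key=value egress log schema, not a real UISP log format.
LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+port=(?P<port>\d+)\s+method=(?P<method>\S+)"
)

# Constructed sample lines: two benign, three matching the advisory's indicators.
SAMPLE_LOGS = [
    "2025-03-01T10:00:01Z host=uisp src=203.0.113.10 dst=198.51.100.5 port=443 method=GET",
    "2025-03-01T10:00:05Z host=uisp src=203.0.113.10 dst=10.0.5.20 port=8080 method=GET",
    "2025-03-01T10:00:09Z host=uisp src=203.0.113.10 dst=169.254.169.254 port=80 method=GET",
    "2025-03-01T10:00:12Z host=uisp src=203.0.113.10 dst=198.51.100.7 port=443 method=POST",
    "2025-03-01T10:00:15Z host=uisp src=203.0.113.10 dst=198.51.100.9 port=6379 method=GET",
]


def classify(line):
    """Return the list of indicator names triggered by one egress log line."""
    m = LINE_RE.search(line)
    if not m:
        return []  # unparsable lines are skipped rather than flagged
    try:
        dst = ipaddress.ip_address(m.group("dst"))
    except ValueError:
        return []  # hostname rather than IP: resolve upstream before checking
    reasons = []
    if dst == METADATA_ENDPOINT:
        reasons.append("cloud-metadata-endpoint")
    elif any(dst in net for net in PRIVATE_NETWORKS):
        reasons.append("internal-destination")
    if int(m.group("port")) not in EXPECTED_PORTS:
        reasons.append("non-standard-port")
    return reasons


def find_suspicious_egress(lines):
    """Map each flagged line to its triggered indicators; benign lines are omitted."""
    return {line: r for line in lines if (r := classify(line))}
```

Hits for a UISP host should be correlated with the authenticated UISP user and request that triggered them, since the vulnerability requires an authenticated account with specific permissions.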