CVE-2025-52665
📋 TL;DR
An authentication bypass vulnerability in UniFi Access door control software allows attackers on the management network to access administrative APIs without credentials. This affects UniFi Access Application versions 3.3.22 through 3.4.31. Attackers could potentially control door access systems or compromise the management infrastructure.
💻 Affected Systems
- UniFi Access Application
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of door access control system allowing unauthorized physical access, lateral movement to other network segments, and potential ransomware deployment across connected systems.
Likely Case
Unauthorized access to door management functions, modification of access permissions, extraction of user data, and potential installation of backdoors.
If Mitigated
Limited impact due to network segmentation and proper access controls preventing management network access.
🎯 Exploit Status
Exploitation requires network access to the management interface but no authentication. Simple HTTP requests to the exposed API endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.0.21 and later
Vendor Advisory: https://community.ui.com/releases/Security-Advisory-Bulletin-056/ce97352d-91cd-40a7-a2f4-2c73b3b30191
Restart Required: Yes
Instructions:
1. Backup current configuration. 2. Download UniFi Access Application version 4.0.21 or later from Ubiquiti. 3. Install the update through the UniFi controller interface. 4. Restart the UniFi Access application service.
🔧 Temporary Workarounds
Network Segmentation
allIsolate UniFi Access management network from general corporate networks
Firewall Restrictions
allBlock access to UniFi Access management API ports from unauthorized networks
🧯 If You Can't Patch
- Implement strict network segmentation to isolate UniFi Access management network
- Deploy network monitoring and intrusion detection for unauthorized API access attempts
🔍 How to Verify
Check if Vulnerable:
Check UniFi Access Application version in controller interface. If version is between 3.3.22 and 3.4.31 inclusive, system is vulnerable.Check Version:
Check via UniFi controller web interface at Settings > System > AboutVerify Fix Applied:
Verify version is 4.0.21 or later in UniFi controller interface. Test API endpoints require authentication.📡 Detection & Monitoring
Log Indicators:
- Unauthenticated API requests to management endpoints
- Access logs showing successful API calls without authentication headers
Network Indicators:
- HTTP requests to UniFi Access API endpoints without authentication tokens
- Unusual traffic patterns to management API ports
SIEM Query:
source="unifi-access" AND (http_method="POST" OR http_method="GET") AND NOT auth_token=* AND uri_path="/api/*"