CVE-2025-23091 - Vulnerability Details - OpenCVE

An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://community.ui.com/releases/Security-Advisory-Bulletin-045-045/6011bc61-f2eb-457f-b71d-755703817aaf

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00022}`	epss `{'score': 0.00025}`

Thu, 13 Mar 2025 13:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-295
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 01 Feb 2025 07:00:00 +0000

Type	Values Removed	Values Added
Description		An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.
References		https://community.ui.com/releases/Security-Advisory-Bulletin-045-045/6011bc61-f2eb-457f-b71d-755703817aaf
Metrics		cvssV3_0 `{'score': 5.9, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2025-02-01T06:53:09.114Z

Updated: 2025-03-13T12:54:46.381Z

Reserved: 2025-01-10T19:05:52.772Z

Link: CVE-2025-23091

Vulnrichment

Updated: 2025-02-12T20:41:13.170Z

NVD

Status : Awaiting Analysis

Published: 2025-02-01T07:15:08.277

Modified: 2025-03-13T13:15:57.990

Link: CVE-2025-23091

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-23091", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2025-01-10T19:05:52.772Z", "datePublished": "2025-02-01T06:53:09.114Z", "dateUpdated": "2025-03-13T12:54:46.381Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDM", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDM-Pro", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDM-SE", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDM-Pro-Max", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDW", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNVR", "versions": [{"version": "4.1.11", "status": "affected", "lessThan": "4.1.11", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNVR PRO", "versions": [{"version": "4.1.11", "status": "affected", "lessThan": "4.1.11", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCKP", "versions": [{"version": "4.1.11", "status": "affected", "lessThan": "4.1.11", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCK", "versions": [{"version": "4.1.11", "status": "affected", "lessThan": "4.1.11", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCK-Enterprise", "versions": [{"version": "4.1.11", "status": "affected", "lessThan": "4.1.11", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCG-Max", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "EFG", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-045-045/6011bc61-f2eb-457f-b71d-755703817aaf"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-02-01T06:53:09.114Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-295", "lang": "en", "description": "CWE-295 Improper Certificate Validation"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-03T15:47:37.586798Z", "id": "CVE-2025-23091", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-13T12:54:46.381Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-23091", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-03T15:47:37.586798Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:41:13.170Z"}}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}}], "affected": [{"vendor": "Ubiquiti Inc", "product": "UDM", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UDM-Pro", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UDM-SE", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UDM-Pro-Max", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UDW", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UNVR", "versions": [{"status": "affected", "version": "4.1.11", "lessThan": "4.1.11", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UNVR PRO", "versions": [{"status": "affected", "version": "4.1.11", "lessThan": "4.1.11", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UCKP", "versions": [{"status": "affected", "version": "4.1.11", "lessThan": "4.1.11", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UCK", "versions": [{"status": "affected", "version": "4.1.11", "lessThan": "4.1.11", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UCK-Enterprise", "versions": [{"status": "affected", "version": "4.1.11", "lessThan": "4.1.11", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UCG-Max", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "EFG", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-045-045/6011bc61-f2eb-457f-b71d-755703817aaf"}], "descriptions": [{"lang": "en", "value": "An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-02-01T06:53:09.114Z"}}}, "cveMetadata": {"cveId": "CVE-2025-23091", "state": "PUBLISHED", "dateUpdated": "2025-03-13T12:54:46.381Z", "dateReserved": "2025-01-10T19:05:52.772Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2025-02-01T06:53:09.114Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}