CVE-2025-52665 PoC — Ubiquiti UniFi Access Application 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-52665.yaml

Associated Vulnerability

Title:Ubiquiti UniFi Access Application 安全漏洞 (CVE-2025-52665)
Description:A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. Affected Products: UniFi Access Application (Version 3.3.22 through 3.4.31).   Mitigation: Update your UniFi Access Application to Version 4.0.21 or later.

Description

UniFi Access Application 3.3.22 through 3.4.31 contains a broken authentication caused by misconfiguration exposing management API without proper authentication, letting attackers on management network access management functions, exploit requires network access.

File Snapshot


 id: CVE-2025-52665

info:
  name: UniFi Access - Broken Access Control
  author: theamanrawat
  seve

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!