CVE-2019-25651
Published: 27 March 2026
Summary
CVE-2019-25651 is a high-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in Ubiquiti UniFi network devices and the UniFi Network Controller. Its CVSS v3.1 base score is 8.3 (High).
Operationally, it ranks at the 0.6th percentile by exploit likelihood (well below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced. The low likelihood ranking reflects the attack path (adjacent network access, high attack complexity), not a low impact: an attacker who can reach the management network gains control of the affected devices.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SC-13 (Cryptographic Protection): mandates NIST-approved cryptographic mechanisms for device-to-controller communications, in practice an approved authenticated-encryption mode such as AES-GCM (SP 800-38D) in place of the AES-CBC construction whose weaknesses enable key recovery from captured traffic.
- SC-8 (Transmission Confidentiality and Integrity): requires that transmitted information be protected for both confidentiality and integrity with appropriate cryptographic controls, mitigating the risk from captured and exploited encrypted traffic between Ubiquiti devices and the controller.
- SI-2 (Flaw Remediation): requires timely identification, reporting and remediation of flaws such as this AES-CBC weakness, here by patching to the vendor-recommended controller and firmware versions.
NVD Description
Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices.
Deeper analysis
CVE-2019-25651 is a cryptographic vulnerability in Ubiquiti UniFi products, stemming from the use of AES-CBC encryption for device-to-controller communication. This implementation contains weaknesses that enable attackers to recover encryption keys from captured traffic, linked to CWE-327 (Use of a Broken or Risky Cryptographic Algorithm). Affected components include UniFi Network Controller prior to version 5.10.12 (excluding 5.6.42), UAP firmware prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor firmware prior to 3.8.17, USW firmware prior to 4.0.6, and USG firmware prior to 4.4.34. The issue carries a CVSS v3.1 base score of 8.3 (AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
Attackers with adjacent network access can exploit this by capturing sufficient encrypted traffic between devices and the controller and exploiting weaknesses in the AES-CBC construction to derive the encryption keys. The public description does not detail the technique; note that generic CBC-mode attacks such as padding oracles recover plaintext rather than keys, so key recovery implies a weakness in how the keys are derived, reused or exposed by the protocol rather than in AES itself. Successful exploitation grants unauthorized control and management of affected network devices, compromising confidentiality, integrity and availability; the scope-changed rating (S:C) reflects that compromising the device-to-controller channel affects components beyond the one that holds the vulnerability.
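Why an unauthenticated block-cipher mode is the wrong tool for a management channel, and what the SC-13 and SC-8 controls above ask for in practice, as an added example. This is not Ubiquiti's code, and it does not reproduce the key-recovery technique behind this CVE (which the public description does not detail); it shows the integrity gap of bare AES-CBC that CWE-327 covers: an adjacent attacker who can intercept a CBC message flips one byte of the IV and the receiver decrypts a changed command without noticing, while the same tamper against AES-GCM fails authentication. The message format, the field offset, the random key and the function names are this example's own assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed sample message (not the real UniFi message format); byte 9, the
// '0' of "admin", lies inside the first 16-byte block.
const sampleMessage = `{"admin":0,"cmd":"set-config"}`

// randomBytes panics on CSPRNG failure, the only sane response in a demo.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic("CSPRNG failure: " + err.Error())
	}
	return b
}

func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || n > len(b) || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// EncryptCBC is the weak pattern: AES-CBC, random IV, no MAC. Output is IV || ciphertext.
func EncryptCBC(block cipher.Block, plaintext []byte) []byte {
	padded := pkcs7Pad(plaintext)
	out := append(randomBytes(aes.BlockSize), make([]byte, len(padded))...)
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out
}

// DecryptCBC can only check length and padding, so a forged message is accepted.
func DecryptCBC(block cipher.Block, ct []byte) ([]byte, error) {
	if len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	pt := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ct[:aes.BlockSize]).CryptBlocks(pt, ct[aes.BlockSize:])
	return pkcs7Unpad(pt)
}

// EncryptGCM is the authenticated construction SC-13/SC-8 call for. Output is
// nonce || ciphertext || tag; any change to nonce, ciphertext or tag fails Open.
func EncryptGCM(aead cipher.AEAD, plaintext []byte) []byte {
	nonce := randomBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, nil)
}

func DecryptGCM(aead cipher.AEAD, ct []byte) ([]byte, error) {
	if len(ct) < aead.NonceSize() {
		return nil, errors.New("short ciphertext")
	}
	return aead.Open(nil, ct[:aead.NonceSize()], ct[aead.NonceSize():], nil)
}

// FlipInTransit models an adjacent attacker who intercepts the message and XORs
// one byte. With CBC, pos < 16 hits the IV, and decryption applies the same XOR
// to plaintext byte pos of the first block.
func FlipInTransit(ct []byte, pos int, from, to byte) []byte {
	out := append([]byte(nil), ct...)
	out[pos] ^= from ^ to
	return out
}

// Demo tampers with the same field under both constructions and reports whether
// each receiver accepted the forgery and what the CBC receiver decrypted.
func Demo() (cbcAccepted bool, cbcPlaintext string, gcmAccepted bool, err error) {
	block, err := aes.NewCipher(randomBytes(16))
	if err != nil {
		return
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return
	}
	msg := []byte(sampleMessage)
	pt, derr := DecryptCBC(block, FlipInTransit(EncryptCBC(block, msg), 9, '0', '1'))
	cbcAccepted, cbcPlaintext = derr == nil, string(pt)
	_, derr = DecryptGCM(aead, FlipInTransit(EncryptGCM(aead, msg), aead.NonceSize()+9, '0', '1'))
	gcmAccepted = derr == nil
	return
}

func main() {
	fmt.Println(Demo())
}
```

The CBC receiver accepts the forgery and sees `"admin":1`; the GCM receiver rejects it. The point for the control channel is that confidentiality alone is not enough: without an authentication tag over the ciphertext, an attacker on the adjacent network can change what the controller or device acts on without ever recovering a key, which is why SC-8 pairs integrity with confidentiality.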
Ubiquiti's security advisory bulletin and related vendor guidance recommend upgrading to patched versions: UniFi Network Controller 5.10.12 or later (5.6.42 is likewise outside the affected range), UAP firmware 4.0.6 or later, UAP-AC series firmware 3.8.17 or later, USW firmware 4.0.6 or later, and USG firmware 4.4.34 or later. Because the affected range covers both the controller and the device firmware, check both ends of the device-to-controller channel rather than the controller alone. Additional details are available in the Ubiquiti community advisory and the VulnCheck analysis.
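A version check against the affected ranges listed above, as an added example (not Ubiquiti tooling): it parses controller and firmware version strings of different lengths, honours the 5.6.42 exclusion, and audits a constructed inventory. The product-family keys, the inventory format and the host names are assumptions of this example; mapping a specific model (for instance a UAP-AC-LR) to the UAP, UAP-AC, USW or USG family is left to the reader.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Version is a dotted numeric version padded to four components, so that a
// controller "5.10.12" and a firmware "4.0.80.10875" compare component-wise.
type Version []int

func ParseVersion(s string) (Version, error) {
	var v Version
	for _, part := range strings.Split(strings.TrimPrefix(strings.TrimSpace(s), "v"), ".") {
		n, err := strconv.Atoi(part)
		if err != nil || n < 0 || len(v) == 4 {
			return nil, fmt.Errorf("bad version %q", s)
		}
		v = append(v, n)
	}
	for len(v) < 4 {
		v = append(v, 0)
	}
	return v, nil
}

func (v Version) Less(o Version) bool {
	for i := range v {
		if v[i] != o[i] {
			return v[i] < o[i]
		}
	}
	return false
}
func (v Version) Equal(o Version) bool { return !v.Less(o) && !o.Less(v) }

// fixedIn holds the first fixed version per family, from the NVD text; the family keys are this example's own.
var fixedIn = map[string]string{
	"controller": "5.10.12", "uap": "4.0.6", "usw": "4.0.6", "usg": "4.4.34",
	"uap-ac": "3.8.17", "uap-ac-v2": "3.8.17", "uap-ac-outdoor": "3.8.17",
}

// IsAffected reports whether family/version is in the vulnerable range, honouring the 5.6.42 carve-out.
func IsAffected(family, version string) (bool, error) {
	family = strings.ToLower(strings.TrimSpace(family))
	fix, ok := fixedIn[family]
	if !ok {
		return false, fmt.Errorf("unknown product family %q", family)
	}
	v, err := ParseVersion(version)
	if err != nil {
		return false, err
	}
	if family == "controller" && v.Equal(Version{5, 6, 42, 0}) {
		return false, nil
	}
	fixV, _ := ParseVersion(fix) // table values are well-formed
	return v.Less(fixV), nil
}

// Audit reads "host family version" lines (blank lines and # comments skipped) and returns one verdict per entry.
func Audit(inventory string) []string {
	var out []string
	for _, line := range strings.Split(inventory, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 || strings.HasPrefix(f[0], "#") {
			continue
		}
		verdict := "error: expected host family version"
		if len(f) == 3 {
			switch aff, err := IsAffected(f[1], f[2]); {
			case err != nil:
				verdict = "error: " + err.Error()
			case aff:
				verdict = "AFFECTED, upgrade to " + fixedIn[strings.ToLower(f[1])] + " or later"
			default:
				verdict = "ok"
			}
		}
		out = append(out, f[0]+": "+verdict)
	}
	return out
}

// Constructed inventory; host names and versions are invented for the example.
const sampleInventory = `# host family version
ctl-01   controller 5.9.29
ctl-02   controller 5.6.42
ap-lobby uap-ac     3.8.16.7
sw-core  usw        4.0.80.10875
gw-edge  usg        4.4.33
cam-01   uvc        1.2.3`

func main() {
	for _, line := range Audit(sampleInventory) {
		fmt.Println(line)
	}
}
```

Run it with `go run`; each host is reported as ok, as AFFECTED with the first fixed version, or as an error for a product family the table does not know (a camera in the sample, which this advisory does not cover). Padding every version to four components is what lets a firmware build such as 4.0.80.10875 compare correctly against the three-part 4.0.6 threshold.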
Details
- CWE(s)