CVE-2019-25651
Published: 27 March 2026
Summary
CVE-2019-25651 is a high-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in Ubiquiti UniFi Network Controller and the UAP, USW and USG device firmware that talks to it (product attribution inferred from references). The summary CVSS base score is 8.7 (High); the deeper analysis below gives a CVSS v3.1 base score of 8.3 for the stated vector.
Operationally, exploitation maps to the MITRE ATT&CK techniques Network Sniffing (T1040) for the passive capture and Adversary-in-the-Middle (T1557) for the subsequent tampering with the channel. It sits at the 0.7th percentile by exploit likelihood (well below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).
Deeper analysis
CVE-2019-25651 is a cryptographic vulnerability in Ubiquiti UniFi products, stemming from the use of AES-CBC encryption for device-to-controller communication. This implementation contains weaknesses that enable attackers to recover encryption keys from captured traffic, linked to CWE-327 (Use of a Broken or Risky Cryptographic Algorithm). Affected components include UniFi Network Controller prior to version 5.10.12 (excluding 5.6.42), UAP firmware prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor firmware prior to 3.8.17, USW firmware prior to 4.0.6, and USG firmware prior to 4.4.34. The issue carries a CVSS v3.1 base score of 8.3 (AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
Attackers with adjacent network access exploit this by capturing enough encrypted traffic between devices and the controller and then working from weaknesses in the AES-CBC construction to derive the encryption keys. The vulnerability description does not name the specific attack. Two caveats for practitioners: AES-CBC as a mode does not leak the key, so key recovery from captured ciphertext alone points to a weakness in how the key is generated, distributed or reused rather than to a break of AES; and CBC without a MAC or AEAD tag is in any case exposed to padding-oracle and ciphertext-malleability attacks that let an attacker decrypt or forge messages without ever learning the key. Successful exploitation grants unauthorized control and management of affected network devices, compromising confidentiality, integrity and availability; the scope is changed because a compromised management channel reaches beyond the vulnerable component into the managed devices.
Ubiquiti's Security Advisory Bulletin and related vendor guidance recommend upgrading to the patched versions: UniFi Network Controller 5.10.12 or later, UAP firmware 4.0.6 or later, UAP-AC series firmware 3.8.17 or later, USW firmware 4.0.6 or later, and USG firmware 4.4.34 or later. Additional details are available in the Ubiquiti community advisory and the VulnCheck analysis.
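To make the "no integrity" half of this concrete (and the integrity requirement of SC-8 in the mitigations below), here is an added Go illustration. It is not Ubiquiti code and does not reproduce the UniFi wire format; the key and the JSON-style command are constructed demo values. It encrypts the command under AES-128-CBC with no authentication tag, shows an on-path attacker flipping one byte of the first plaintext block by editing only the captured IV, with no key material, and then shows AES-GCM rejecting the identical edit.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Demo values constructed for this example (not the real UniFi key or wire format).
var demoKey = []byte("0123456789abcdef")         // throwaway AES-128 key
var demoCommand = []byte(`{"reboot":0,"dev":"ap"}`) // byte 10 is the '0' we flip

// newAES wraps aes.NewCipher; a bad key length is a programming error here, so it panics.
func newAES(key []byte) cipher.Block {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return block
}

func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	// capped slice so append cannot scribble over the caller's backing array
	return append(b[:len(b):len(b)], bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	n := 0
	if len(b) > 0 && len(b)%size == 0 {
		n = int(b[len(b)-1])
	}
	if n == 0 || n > size || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, fmt.Errorf("bad length or padding")
	}
	return b[:len(b)-n], nil
}

// cbcEncrypt returns iv||ciphertext with no MAC or tag, so the receiver cannot
// tell a forged ciphertext from a genuine one (the weak construction).
func cbcEncrypt(key, plaintext []byte) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(newAES(key), iv).CryptBlocks(out, padded)
	return append(iv, out...), nil
}

func cbcDecrypt(key, data []byte) ([]byte, error) {
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("bad ciphertext length %d", len(data))
	}
	iv, ct := data[:aes.BlockSize], data[aes.BlockSize:]
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(newAES(key), iv).CryptBlocks(out, ct)
	return pkcs7Unpad(out, aes.BlockSize)
}

// ForgeWithoutKey plays the adjacent-network attacker: XOR one byte of the captured
// IV and the receiver decrypts a changed first block, because P1 = D(C1) XOR IV.
func ForgeWithoutKey() (string, error) {
	captured, err := cbcEncrypt(demoKey, demoCommand)
	if err != nil {
		return "", err
	}
	captured[10] ^= '0' ^ '1' // IV byte 10 controls plaintext byte 10
	pt, err := cbcDecrypt(demoKey, captured)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// TamperGCM applies the same one-byte edit to an AES-GCM (AEAD) ciphertext; the
// tag no longer verifies and Open returns an error instead of a forged command.
func TamperGCM() error {
	aead, err := cipher.NewGCM(newAES(demoKey))
	if err != nil {
		return err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	sealed := aead.Seal(nil, nonce, demoCommand, nil)
	sealed[10] ^= '0' ^ '1' // same plaintext position as the CBC forgery
	_, err = aead.Open(nil, nonce, sealed, nil)
	return err
}

func main() {
	pt, err := ForgeWithoutKey()
	fmt.Printf("CBC receiver decrypted %q (err=%v); GCM receiver: %v\n", pt, err, TamperGCM())
}
```

The CBC receiver happily accepts `{"reboot":1,...}` even though the attacker never saw the key, which is why confidentiality-only modes fail SC-8; the padding check passes because only the first block changed. The GCM path fails closed on the same edit. A padding-oracle attack would go further and recover plaintext block by block, but it needs the receiver to leak whether padding was valid, which this demo does not model.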
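A triage helper for inventory, added here as an example (not vendor code): given the version thresholds quoted above, it reports whether a controller or firmware build falls in the affected range. The product labels (`controller`, `uap`, `uap-ac`, `usw`, `usg`) are this example's own shorthand, and it follows the advisory text literally, so exactly 5.6.42 is the only build below 5.10.12 treated as fixed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// fixedIn maps a product family (labels chosen for this example) to the first
// version the advisory text reports as not vulnerable.
var fixedIn = map[string]string{
	"controller": "5.10.12", // UniFi Network Controller
	"uap":        "4.0.6",   // UAP firmware
	"uap-ac":     "3.8.17",  // UAP-AC, UAP-AC v2, UAP-AC Outdoor firmware
	"usw":        "4.0.6",   // USW firmware
	"usg":        "4.4.34",  // USG firmware
}

// alsoFixed lists versions below the threshold that the advisory excludes from
// the affected range (it names exactly 5.6.42 for the controller).
var alsoFixed = map[string][]string{
	"controller": {"5.6.42"},
}

// parseVersion turns "5.10.12" into []int{5, 10, 12}, rejecting non-numeric parts.
func parseVersion(v string) ([]int, error) {
	parts := strings.Split(strings.TrimSpace(v), ".")
	out := make([]int, len(parts))
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return nil, fmt.Errorf("bad version %q", v)
		}
		out[i] = n
	}
	return out, nil
}

// compareVersions returns -1, 0 or 1 for a<b, a==b, a>b, treating missing
// trailing components as zero, so "4.0" sorts as "4.0.0" and below "4.0.6".
func compareVersions(a, b []int) int {
	for i := 0; i < len(a) || i < len(b); i++ {
		var x, y int
		if i < len(a) {
			x = a[i]
		}
		if i < len(b) {
			y = b[i]
		}
		if x < y {
			return -1
		}
		if x > y {
			return 1
		}
	}
	return 0
}

// IsAffected reports whether product/version lies in the vulnerable range the
// advisory describes. Unknown product labels are an error, not "safe".
func IsAffected(product, version string) (bool, error) {
	threshold, ok := fixedIn[product]
	if !ok {
		return false, fmt.Errorf("unknown product %q", product)
	}
	for _, v := range alsoFixed[product] {
		if strings.TrimSpace(version) == v {
			return false, nil
		}
	}
	have, err := parseVersion(version)
	if err != nil {
		return false, err
	}
	want, _ := parseVersion(threshold) // table values are well-formed
	return compareVersions(have, want) < 0, nil
}

func main() {
	for _, pv := range [][2]string{{"controller", "5.10.11"}, {"controller", "5.6.42"}, {"uap-ac", "3.8.17"}} {
		affected, err := IsAffected(pv[0], pv[1])
		fmt.Printf("%-10s %-8s affected=%v err=%v\n", pv[0], pv[1], affected, err)
	}
}
```

Feed it the controller version from the UI and the firmware strings from your device inventory; anything it cannot parse or does not recognise is returned as an error so it never silently reads as "not affected".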
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-20041
Vulnerability details
Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices.
- CWE(s): CWE-327 (Use of a Broken or Risky Cryptographic Algorithm)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables offline key recovery from passively captured device-to-controller traffic (Network Sniffing, T1040) and subsequent decryption and re-encryption of the channel for unauthorized control (Adversary-in-the-Middle, T1557).
Mitigating Controls (NIST 800-53 r5)
- SC-13 (Cryptographic Protection): Mandates implementation of NIST-approved cryptographic mechanisms to protect device-to-controller communications, directly addressing the weak AES-CBC encryption that enables key recovery from captured traffic.
- SC-8 (Transmission Confidentiality and Integrity): Requires protection of both confidentiality and integrity for transmitted information using appropriate cryptographic controls; in practice that means an authenticated mode (an AEAD such as AES-GCM) or encrypt-then-MAC, since CBC alone provides no integrity. This mitigates the risk of capturing and exploiting encrypted traffic between Ubiquiti devices and the controller.
- SI-2 (Flaw Remediation): Ensures timely identification, reporting, and remediation of flaws like the AES-CBC cryptographic weakness through patching to the vendor-recommended versions.