Cyber Resilience

CVE-2019-25652

Severity: High · Public PoC

Published: 27 March 2026
Modified: 30 March 2026
KEV Added: not listed
CVSS Score v4: 7.7 (CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0001 (2.9th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-25652 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Ui (Ubiquiti; vendor inferred from references). Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE sits at the 2.9th EPSS percentile for exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2019-25652 is an improper certificate verification vulnerability (CWE-295) affecting UniFi Network Controller versions before 5.10.22 and 5.11.x before 5.11.18. The issue stems from an insecure SSL host verification mechanism in the SMTP certificate validation process, enabling attackers to present false SSL certificates during SMTP connections.

Adjacent network attackers can exploit this vulnerability to conduct man-in-the-middle attacks without requiring privileges or user interaction. By intercepting the SMTP session they can capture the credentials it carries, which the CVSS vector scores as high confidentiality, integrity, and availability impact. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H); the score reflects the need for adjacent network access and the high attack complexity.

Ubiquiti's Security Advisory Bulletin and VulnCheck's advisory recommend upgrading to UniFi Network Controller version 5.10.22 or later in the 5.10 branch, or 5.11.18 or later in the 5.11 branch, to mitigate the improper certificate validation and prevent credential theft via MITM attacks.
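As an added illustration (not Ubiquiti's code, and not the vulnerable implementation, whose internals the advisory does not show), the following Python contrasts the CWE-295 pattern of an SMTP client that accepts any presented certificate with host verification that checks the server name against the certificate's SAN entries, and shows the hardened `ssl` context a patched STARTTLS client would use; the certificate dictionary and host names are constructed.

```python
import smtplib
import ssl

# Constructed peer certificate in the dict shape ssl.SSLSocket.getpeercert()
# returns; the names are illustrative, not taken from any real deployment.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.test"),),),
    "subjectAltName": (("DNS", "mail.example.test"),
                       ("DNS", "*.relay.example.test")),
}

def san_dns_names(cert):
    """Return SAN dNSName entries; the CN is ignored, as modern verifiers do."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def hostname_matches(pattern, host):
    """RFC 6125-style match: exact, or one wildcard as the whole leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.count("*") != 1 or not pattern.startswith("*."):
        return False            # no partial-label or mid-name wildcards
    suffix = pattern[2:]
    if "." not in suffix:
        return False            # refuse "*.com"-style patterns
    labels = host.split(".")
    return ".".join(labels[1:]) == suffix   # wildcard covers exactly one label

def insecure_host_verifier(cert, host):
    """The CWE-295 pattern: every certificate is accepted for every host."""
    return True

def verify_smtp_host(cert, host):
    """Hardened check: the SMTP host must match one of the certificate's SAN names."""
    return any(hostname_matches(name, host) for name in san_dns_names(cert))

def hardened_starttls_context():
    """The default context already validates the chain against system CAs and
    checks the hostname; set both explicitly so a later edit cannot drop them."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def send_with_verified_starttls(host, port, user, password, message):
    """How a patched notifier should talk to its mail server (needs network)."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=hardened_starttls_context())  # raises on mismatch
        smtp.login(user, password)
        smtp.send_message(message)
```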


Vulnerability details

UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.

CWE(s)

CWE-295 Improper Certificate Validation

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1557 Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Improper SMTP certificate validation (CWE-295) directly enables successful adversary-in-the-middle interception of SMTP traffic for credential theft.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2024-31854 (shared CWE-295)
- CVE-2024-47258 (shared CWE-295)
- CVE-2026-32627 (shared CWE-295)
- CVE-2024-55581 (shared CWE-295)
- CVE-2025-11043 (shared CWE-295)
- CVE-2024-50691 (shared CWE-295)
- CVE-2024-29171 (shared CWE-295)
- CVE-2025-9293 (shared CWE-295)
- CVE-2025-0500 (shared CWE-295)
- CVE-2025-66001 (shared CWE-295)

Affected Assets

Ui (Ubiquiti), inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

- SC-17 Public Key Infrastructure Certificates (prevent): Requires establishment of requirements for PKI certificates and prohibits improper types, directly addressing the improper SSL certificate verification that enables MITM attacks on SMTP connections.

- SI-2 Flaw Remediation (prevent): Mandates timely flaw remediation, such as upgrading UniFi Network Controller to patched versions that fix the insecure SSL host verification mechanism.

- Transmission protection (prevent): Protects confidentiality and integrity of transmitted information using cryptographic mechanisms, mitigating MITM interception of SMTP traffic, though it does not fully specify certificate validation.

References