CVE-2019-25652
Published: 27 March 2026
Summary
CVE-2019-25652 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Ui (inferred from references). Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 2.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2019-25652 is an improper certificate verification vulnerability (CWE-295) affecting UniFi Network Controller versions before 5.10.22 and 5.11.x before 5.11.18. The issue stems from an insecure SSL host verification mechanism in the SMTP certificate validation process, enabling attackers to present false SSL certificates during SMTP connections.
Adjacent network attackers can exploit this vulnerability to conduct man-in-the-middle attacks without requiring privileges or user interaction. By intercepting SMTP traffic, they can obtain credentials, achieving high confidentiality, integrity, and availability impacts. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting the need for adjacent access and high attack complexity.
Ubiquiti's Security Advisory Bulletin and VulnCheck's advisory recommend upgrading to UniFi Network Controller version 5.10.22 or later in the 5.10 branch, or 5.11.18 or later in the 5.11 branch, to mitigate the improper certificate validation and prevent credential theft via MITM attacks.
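The weakness class described above, shown as an added example that is not UniFi's code or taken from the advisories: an SMTP client TLS configuration that skips certificate checks beside one that enforces them, with a guard that refuses to connect through the weak one. It uses Python's standard `ssl` and `smtplib` modules; the function names are hypothetical.

```python
import smtplib
import ssl


def insecure_smtp_context():
    """Constructed 'before' case: traffic is encrypted, the peer is not authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, from anyone, is accepted
    return ctx


def hardened_smtp_context():
    """Chain validation against the system trust store plus hostname matching."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return the certificate checks this context skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-verified")
    return findings


def open_smtp(host, port, ctx, timeout=10):
    """Refuse to connect (and so to send AUTH) unless the context verifies the server."""
    findings = audit_context(ctx)
    if findings:
        raise ValueError("unsafe SMTP TLS context: " + ", ".join(findings))
    client = smtplib.SMTP(host, port, timeout=timeout)
    client.starttls(context=ctx)  # handshake fails on an untrusted or mismatched cert
    return client


if __name__ == "__main__":
    print(audit_context(insecure_smtp_context()))
    print(audit_context(hardened_smtp_context()))
```

A context that validates the chain but leaves `check_hostname` off still reports `hostname-not-verified`: a certificate issued by a trusted CA for some other name would pass, which is the host-verification gap this CVE describes.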
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-20043
Vulnerability details
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Improper SMTP certificate validation (CWE-295) directly enables successful adversary-in-the-middle interception of SMTP traffic for credential theft.
Mitigating Controls (NIST 800-53 r5)
Requires establishment of requirements for PKI certificates and prohibits improper types, directly addressing the improper SSL certificate verification that enables MITM attacks on SMTP connections.
Mandates timely flaw remediation, such as upgrading UniFi Network Controller to patched versions that fix the insecure SSL host verification mechanism.
Protects confidentiality and integrity of transmitted information using cryptographic mechanisms, mitigating MITM interception of SMTP traffic though not fully specifying certificate validation.