CVE-2025-23123
Published: 19 May 2025
Summary
CVE-2025-23123 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Ubiquiti (Ui) UniFi Protect Cameras firmware (product inferred from references). Its CVSS base score is 10.0 (Critical).
Operationally, it ranks in the top 17.4% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.
Deeper analysis
A heap buffer overflow vulnerability tracked as CVE-2025-23123 affects UniFi Protect Cameras firmware versions 4.75.43 and earlier. The flaw, assigned CWE-122, permits remote code execution when triggered over the network.
An attacker with access to the management network can exploit the issue without authentication or user interaction to execute arbitrary code on the camera, resulting in full compromise of confidentiality, integrity, and availability, as reflected in the CVSS 10.0 score.
The Ubiquiti security advisory at the referenced URL describes the vulnerability and provides mitigation guidance for affected camera deployments. The associated EPSS score remains low and unchanged at 0.0168 with no observed increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-15707
Vulnerability details
A malicious actor with access to the management network could achieve remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (version 4.75.43 and earlier) firmware.
- CWE(s): CWE-122 (Heap-based Buffer Overflow)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.