CVE-2025-23123

Severity: Critical
Published: 19 May 2025
Modified: 15 April 2026
KEV Added: (not listed)
Patch: (see vendor advisory in References)
CVSS v3 Score: 10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0168 (82.6th percentile)
Risk Priority: 21 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-23123 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Ui (inferred from references). Its CVSS base score is 10.0 (Critical).

Operationally, it ranks in the top 17.4% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

A heap buffer overflow vulnerability tracked as CVE-2025-23123 affects UniFi Protect Cameras firmware versions 4.75.43 and earlier. The flaw, assigned CWE-122, permits remote code execution when triggered over the network.

An attacker with access to the management network can exploit the issue without authentication or user interaction to execute arbitrary code on the camera. The resulting full compromise of confidentiality, integrity, and availability, with scope changed, is what drives the CVSS 10.0 score, so the management network itself is the primary defensive boundary.

The Ubiquiti security advisory at the referenced URL describes the vulnerability and provides mitigation guidance for affected camera deployments. The EPSS score has remained at 0.0168 with no observed increase since disclosure.

EU & UK References

Vulnerability details

A malicious actor with access to the management network could achieve remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras firmware (version 4.75.43 and earlier).

CWE(s)

CWE-122: Heap-based Buffer Overflow

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Ui (UniFi Protect Cameras firmware, version 4.75.43 and earlier)
Inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References