
CVE-2025-27212

Critical · RCE

Published: 04 August 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: vendor fixed firmware releases available
CVSS v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.0379 (88.3rd percentile)
Risk Priority: 22 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-27212 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Ubiquiti (Ui) UniFi Access devices; the vendor is inferred from the references because NVD has not filed a CPE. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it in the top 11.7% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-27212 is an improper input validation vulnerability, classified under both CWE-20 (Improper Input Validation) and CWE-77 (Command Injection), that permits command injection in several UniFi Access hardware devices. The affected products are UniFi Access Reader Pro (versions 2.14.21 and earlier), UniFi Access G2 Reader Pro (1.10.32 and earlier), UniFi Access G3 Reader Pro (1.10.30 and earlier), UniFi Access Intercom (1.7.28 and earlier), UniFi Access G3 Intercom (1.7.29 and earlier), and UniFi Access Intercom Viewer (1.3.20 and earlier). The flaw received a CVSS v3.1 base score of 9.8.

An attacker with network access to the UniFi Access management network can supply crafted input that results in arbitrary command execution on the device, compromising its confidentiality, integrity, and availability without authentication or user interaction. The CVSS vector records the attack vector as Network (AV:N) with no privileges (PR:N) or user interaction (UI:N) required; in practice the attacker must be able to reach the device on the management network, so segmenting that network (see Mitigating Controls) narrows exposure but does not remove it.

The vendor advisory recommends immediate updates to the following fixed releases: UniFi Access Reader Pro 2.15.9 or later, UniFi Access G2 Reader Pro 1.11.23 or later, UniFi Access G3 Reader Pro 1.11.22 or later, UniFi Access Intercom 1.8.22 or later, UniFi Access G3 Intercom 1.8.22 or later, and UniFi Access Intercom Viewer 1.4.39 or later. The associated EPSS score remains flat at 0.0379 with no material increase observed after disclosure.
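The fleet check below is an added example, not the page's or Ubiquiti's code. It encodes the fixed releases the advisory lists and triages a device inventory against them, comparing versions numerically so that 2.15.9 versus 2.15.10 is handled correctly (a string compare would get it wrong). Product names and fixed versions come from the advisory text above; the inventory, device names, the "UniFi Access Hub" entry and the 2.15.10 version are constructed assumptions for illustration.

```python
"""Triage a UniFi Access inventory against the CVE-2025-27212 fixed firmware.

Added example, not from the page's source or Ubiquiti. Fixed versions are
the ones the vendor advisory lists; the inventory below is constructed.
"""
from typing import NamedTuple, Optional

# Earliest fixed firmware per product, as listed in the advisory on this page.
FIXED_VERSIONS = {
    "UniFi Access Reader Pro": "2.15.9",
    "UniFi Access G2 Reader Pro": "1.11.23",
    "UniFi Access G3 Reader Pro": "1.11.22",
    "UniFi Access Intercom": "1.8.22",
    "UniFi Access G3 Intercom": "1.8.22",
    "UniFi Access Intercom Viewer": "1.4.39",
}


def parse_version(v: str) -> tuple:
    """Split a dotted firmware version into integers for ordering.

    Tuple comparison gives (2, 15, 9) < (2, 15, 10); a string compare
    would rank "2.15.9" above "2.15.10" because "9" > "1".
    """
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(product: str, version: str) -> Optional[bool]:
    """True if firmware is below the fixed release, False if at/above it.

    Returns None for products the advisory does not name: that is
    'unknown', not 'safe', and should be reviewed by hand.
    """
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        return None
    return parse_version(version) < parse_version(fixed)


class Device(NamedTuple):
    name: str
    product: str
    version: str


def triage(devices) -> dict:
    """Group device names into vulnerable / patched / unknown buckets."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for d in devices:
        state = is_vulnerable(d.product, d.version)
        if state is None:
            result["unknown"].append(d.name)
        elif state:
            result["vulnerable"].append(d.name)
        else:
            result["patched"].append(d.name)
    return result


# Constructed sample inventory (not real devices or real firmware state).
SAMPLE_INVENTORY = [
    Device("lobby-reader", "UniFi Access G2 Reader Pro", "1.10.32"),   # last vulnerable release
    Device("dock-reader", "UniFi Access G2 Reader Pro", "1.11.23"),    # exactly the fixed release
    Device("front-intercom", "UniFi Access Intercom", "1.7.28"),
    Device("viewer-1", "UniFi Access Intercom Viewer", "1.4.39"),
    Device("hub-1", "UniFi Access Hub", "3.0.1"),  # not named in the advisory: reported as unknown
]

if __name__ == "__main__":
    for state, names in triage(SAMPLE_INVENTORY).items():
        print(f"{state:10s}: {', '.join(names) or '-'}")
```

Feed it the product and firmware strings exported from the UniFi Access controller; anything that lands in "unknown" needs a manual check against the advisory rather than being treated as patched.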


Vulnerability details

An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.

Affected Products:
UniFi Access Reader Pro (Version 2.14.21 and earlier)
UniFi Access G2 Reader Pro (Version 1.10.32 and earlier)
UniFi Access G3 Reader Pro (Version 1.10.30 and earlier)
UniFi Access Intercom (Version 1.7.28 and earlier)
UniFi Access G3 Intercom (Version 1.7.29 and earlier)
UniFi Access Intercom Viewer (Version 1.3.20 and earlier)

Mitigation:
Update UniFi Access Reader Pro to Version 2.15.9 or later
Update UniFi Access G2 Reader Pro to Version 1.11.23 or later
Update UniFi Access G3 Reader Pro to Version 1.11.22 or later
Update UniFi Access Intercom to Version 1.8.22 or later
Update UniFi Access G3 Intercom to Version 1.8.22 or later
Update UniFi Access Intercom Viewer to Version 1.4.39 or later

CWE(s)

CWE-20 Improper Input Validation
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

A command injection reachable over the network directly enables exploitation of a network-accessible application (T1190) and, once triggered, arbitrary Unix shell command execution on the device (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-20184 (shared CWE-20, CWE-77)
CVE-2026-22284 (shared CWE-77)
CVE-2024-39783 (shared CWE-77)
CVE-2024-39367 (shared CWE-77)
CVE-2026-36540 (shared CWE-77)
CVE-2025-23239 (shared CWE-77)
CVE-2026-35428 (shared CWE-77)
CVE-2024-39763 (shared CWE-77)
CVE-2026-44871 (shared CWE-77)
CVE-2025-26063 (shared CWE-77)

Affected Assets

Ui (Ubiquiti Inc.): vendor inferred from the references and description, as NVD did not file a CPE for this CVE. The affected products are the UniFi Access readers, intercoms and intercom viewer listed in the vulnerability details above.

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly addresses the improper input validation weakness: every externally supplied value must be checked against an allowlist of expected shape, length and character set before it reaches a command interpreter, which is what stops the command injection.

SI-2 Flaw Remediation (prevent)
Mandates timely flaw remediation: update each device to the fixed firmware version in the vendor advisory (Reader Pro 2.15.9, G2 Reader Pro 1.11.23, G3 Reader Pro 1.11.22, Intercom 1.8.22, G3 Intercom 1.8.22, Intercom Viewer 1.4.39, or later).

Network access restriction (prevent; control identifier not captured on this page)
Restricts who can reach the UniFi Access management network, reducing the opportunity for a malicious actor to reach and exploit the vulnerable devices. This narrows exposure but is not a substitute for the firmware update.
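To make the SI-10 control concrete, the following is an added example and not Ubiquiti's code: the page does not identify which device input is injectable, so the "ping a host" feature, the hostname parameter, the regular expression and the sample inputs are assumptions for illustration. It places the generic CWE-77 pattern (untrusted text concatenated into a shell string) beside its hardened form (allowlist validation, then an argv list with no shell), with shlex quoting as the fallback when a shell is unavoidable.

```python
"""CWE-77 pattern and the SI-10 fix, side by side.

Added example, not Ubiquiti's code. The page does not say which device
input is unsafe, so the ping feature, the hostname parameter, the regex
and the sample inputs below are assumptions for illustration only.
"""
import re
import shlex
import subprocess


# --- Vulnerable pattern: untrusted text concatenated into a shell string ---
def build_shell_command_vulnerable(host: str) -> str:
    # With host = "10.0.0.5; id" the shell runs ping and then `id`.
    return f"ping -c 1 {host}"


def run_vulnerable(host: str) -> subprocess.CompletedProcess:
    # shell=True hands the string to /bin/sh, so ; | & $( ) ` are all live.
    return subprocess.run(build_shell_command_vulnerable(host),
                          shell=True, capture_output=True, text=True)


# --- Hardened: allowlist the input's shape, then keep the shell out ---
# RFC 1123 hostname shape (also matches dotted IPv4): labels of 1-63
# alphanumerics/hyphens, no leading or trailing hyphen, 1-253 chars total.
# Anything else, including every shell metacharacter, is rejected outright.
_HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)"
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
)


def validate_hostname(host: str) -> str:
    """Return host unchanged if it has a valid hostname shape, else raise."""
    if not _HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected input: {host!r}")
    return host


def build_argv_hardened(host: str) -> list:
    # An argv list is passed to execve() directly; no shell ever parses it.
    return ["ping", "-c", "1", validate_hostname(host)]


def run_hardened(host: str) -> subprocess.CompletedProcess:
    return subprocess.run(build_argv_hardened(host),
                          capture_output=True, text=True)


# --- Fallback when a shell really is unavoidable: quote, never concatenate ---
def build_shell_command_quoted(host: str) -> str:
    # shlex.quote single-quotes the value so metacharacters become literal
    # text. Validating first is still the stronger control; this is belt and
    # braces, not a replacement for it.
    return f"ping -c 1 {shlex.quote(host)}"


if __name__ == "__main__":
    payload = "10.0.0.5; id"   # constructed injection attempt
    print("vulnerable string :", build_shell_command_vulnerable(payload))
    try:
        build_argv_hardened(payload)
    except ValueError as err:
        print("hardened          :", err)
    print("quoted fallback   :", build_shell_command_quoted(payload))
    print("hardened argv     :", build_argv_hardened("reader-01.lan"))
```

The order of defences matters: validation rejects the payload before any process is spawned, the argv form removes the interpreter that would act on metacharacters, and quoting only papers over a shell you could not avoid.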
