{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27213", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2025-02-20T01:00:01.799Z", "datePublished": "2025-08-21T00:01:24.222Z", "dateUpdated": "2025-08-21T14:07:45.141Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nUniFi Connect EV Station Pro (Version 1.5.18 and earlier)\r\nUniFi Connect Display (Version 1.9.324 and earlier)\r\nUniFi Connect Display Cast (Version 1.9.301 and earlier)\r\nUniFi Connect Display Cast Pro (Version 1.0.78 and earlier)\r\nUniFi Connect Display Cast Lite (Version 1.0.3 and earlier)\r\n\r\nMitigation:\r\n\r\nUpdate UniFi Connect EV Station Pro to Version 1.5.27 or later\r\nUpdate UniFi Connect Display to Version 1.13.6 or later\r\nUpdate UniFi Connect Display Cast to Version 1.10.3 or later\r\nUpdate UniFi Connect Display Cast Pro to Version 1.0.83 or later\r\nUpdate UniFi Connect Display Cast Lite to Version 1.1.3 or later"}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect EV Station Pro", "versions": [{"version": "1.5.27", "status": "affected", "lessThan": "1.5.27", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect Display", "versions": [{"version": "1.13.6", "status": "affected", "lessThan": "1.13.6", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect Display Cast", "versions": [{"version": "1.10.3", "status": "affected", "lessThan": "1.10.3", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect Display Cast Pro", "versions": [{"version": "1.0.83", "status": "affected", "lessThan": "1.0.83", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect Display Cast Lite", "versions": [{"version": "1.1.3", "status": "affected", "lessThan": "1.1.3", "versionType": "semver"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-08-21T00:01:24.222Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-863", "lang": "en", "description": "CWE-863 Incorrect Authorization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-08-21T14:07:33.904511Z", "id": "CVE-2025-27213", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-21T14:07:45.141Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-27213", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-21T14:07:33.904511Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-21T14:07:23.152Z"}}], "cna": {"affected": [{"vendor": "Ubiquiti Inc", "product": "UniFi Connect EV Station Pro", "versions": [{"status": "affected", "version": "1.5.27", "lessThan": "1.5.27", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Connect Display", "versions": [{"status": "affected", "version": "1.13.6", "lessThan": "1.13.6", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Connect Display Cast", "versions": [{"status": "affected", "version": "1.10.3", "lessThan": "1.10.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Connect Display Cast Pro", "versions": [{"status": "affected", "version": "1.0.83", "lessThan": "1.0.83", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Connect Display Cast Lite", "versions": [{"status": "affected", "version": "1.1.3", "lessThan": "1.1.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6"}], "descriptions": [{"lang": "en", "value": "An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nUniFi Connect EV Station Pro (Version 1.5.18 and earlier)\r\nUniFi Connect Display (Version 1.9.324 and earlier)\r\nUniFi Connect Display Cast (Version 1.9.301 and earlier)\r\nUniFi Connect Display Cast Pro (Version 1.0.78 and earlier)\r\nUniFi Connect Display Cast Lite (Version 1.0.3 and earlier)\r\n\r\nMitigation:\r\n\r\nUpdate UniFi Connect EV Station Pro to Version 1.5.27 or later\r\nUpdate UniFi Connect Display to Version 1.13.6 or later\r\nUpdate UniFi Connect Display Cast to Version 1.10.3 or later\r\nUpdate UniFi Connect Display Cast Pro to Version 1.0.83 or later\r\nUpdate UniFi Connect Display Cast Lite to Version 1.1.3 or later"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-08-21T00:01:24.222Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27213", "state": "PUBLISHED", "dateUpdated": "2025-08-21T14:07:45.141Z", "dateReserved": "2025-02-20T01:00:01.799Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2025-08-21T00:01:24.222Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nUniFi Connect EV Station Pro (Version 1.5.18 and earlier)\r\nUniFi Connect Display (Version 1.9.324 and earlier)\r\nUniFi Connect Display Cast (Version 1.9.301 and earlier)\r\nUniFi Connect Display Cast Pro (Version 1.0.78 and earlier)\r\nUniFi Connect Display Cast Lite (Version 1.0.3 and earlier)\r\n\r\nMitigation:\r\n\r\nUpdate UniFi Connect EV Station Pro to Version 1.5.27 or later\r\nUpdate UniFi Connect Display to Version 1.13.6 or later\r\nUpdate UniFi Connect Display Cast to Version 1.10.3 or later\r\nUpdate UniFi Connect Display Cast Pro to Version 1.0.83 or later\r\nUpdate UniFi Connect Display Cast Lite to Version 1.1.3 or later"}, {"lang": "es", "value": "Un control de acceso inadecuado podr\u00eda permitir que un agente malicioso autenticado en la API de ciertos dispositivos UniFi Connect habilite Android Debug Bridge (ADB) y realice cambios no admitidos en el sistema. Productos afectados: UniFi Connect EV Station Pro (versi\u00f3n 1.5.18 y anteriores), UniFi Connect Display (versi\u00f3n 1.9.324 y anteriores), UniFi Connect Display Cast (versi\u00f3n 1.9.301 y anteriores), UniFi Connect Display Cast Pro (versi\u00f3n 1.0.78 y anteriores), UniFi Connect Display Cast Lite (versi\u00f3n 1.0.3 y anteriores). Mitigaci\u00f3n: Actualizar UniFi Connect EV Station Pro a la versi\u00f3n 1.5.27 o posterior. Actualizar UniFi Connect Display a la versi\u00f3n 1.13.6 o posterior. Actualizar UniFi Connect Display Cast a la versi\u00f3n 1.10.3 o posterior. Actualizar UniFi Connect Display Cast Pro a la versi\u00f3n 1.0.83 o posterior. Actualizar UniFi Connect Display Cast Lite a la versi\u00f3n 1.1.3 o posterior."}], "id": "CVE-2025-27213", "lastModified": "2025-08-22T18:09:17.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-08-21T01:15:35.520", "references": [{"source": "support@hackerone.com", "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}