Impact
The vulnerability is a classic Path Traversal flaw that allows an attacker with network access to read arbitrary files on UniFi OS devices. The flaw resides in the way file paths are handled by the management interface, permitting an attacker to request files outside the intended directory. Successful exploitation would grant the attacker access to configuration data, logs, and potentially sensitive information stored on the device, without requiring authentication. This breach represents a clear compromise of confidentiality.
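The following is an added example, not code from the advisory or from Ubiquiti, showing the general path-handling mistake the paragraph describes beside a hardened version. BASE_DIR and the requested file names are constructed assumptions, not UniFi OS paths; pure string functions are used so the example runs offline without touching the real filesystem.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed example. BASE_DIR stands in for whatever directory a web
# management interface is meant to serve files from; it is an assumption,
# not a path taken from UniFi OS.
BASE_DIR = "/srv/ui/static"


def vulnerable_resolve(base_dir: str, requested: str) -> str:
    """Vulnerable pattern: join user input onto the base directory and
    normalise the result. '..' segments are folded into the path, and an
    absolute 'requested' value replaces base_dir entirely, so the caller
    can end up opening any file on the device."""
    return posixpath.normpath(posixpath.join(base_dir, requested))


def safe_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Return the resolved path only if it stays inside base_dir;
    otherwise return None so the caller can answer with 403/404.

    Checks, in order:
      1. decode one layer of percent-encoding, as the server front end
         would, so the check sees the same bytes the file open would;
      2. reject NUL bytes and absolute paths outright;
      3. normalise, then require the result to be base_dir itself or a
         path strictly below it. The prefix test includes the separator
         so that /srv/ui/static2 is not accepted as a child of
         /srv/ui/static.
    """
    decoded = unquote(requested)
    if "\x00" in decoded or decoded.startswith("/"):
        return None
    base = posixpath.normpath(base_dir)
    resolved = posixpath.normpath(posixpath.join(base, decoded))
    if resolved == base or resolved.startswith(base + "/"):
        return resolved
    return None


if __name__ == "__main__":
    for req in ("css/app.css", "css/../app.css", "../../../etc/passwd",
                "/etc/passwd", "%2e%2e/%2e%2e/etc/passwd", "../static2/x"):
        print(f"{req!r:32} vulnerable={vulnerable_resolve(BASE_DIR, req)!r:28} "
              f"safe={safe_resolve(BASE_DIR, req)!r}")
```

When the check runs against a real filesystem, apply `os.path.realpath` to both the base directory and the candidate before the prefix comparison, so that a symlink inside the served directory cannot point the resolved path back outside it; the string-only version above deliberately leaves that step out so it can run anywhere.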
Affected Systems
Affected products include a wide range of Ubiquiti devices that run UniFi OS. These encompass gateway, console, NAS and recorder platforms such as UDM, UDR, UDR-5G, UDR7, UNAS, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UNVR and its variants, as well as the EFG, ENVR, ENVR-Core, Express, Express 7, UCG-Fiber, UCG-Industrial, UCG-Max, UCG-Ultra, UCK, UCK-Enterprise, UCKP, UniFi OS Server, and related hardware. The CVE does not specify affected firmware or software versions, so any device currently running UniFi OS should be treated as at risk until an updated build remedies the issue.
Risk and Exploitability
The CVSS base score of 8.6 places this flaw in the High severity category, reflecting a significant impact should exploitation succeed. The EPSS metric is unavailable, so we cannot quantify real-world exploitation probability, and the absence from the KEV catalog indicates no confirmed in-the-wild exploitation has been reported so far. However, the flaw can be triggered remotely from inside the local network, and given how widely UniFi OS devices are deployed in enterprises, the attack surface is large. Organizations should treat this as a high-priority vulnerability that can be mitigated with a firmware update and network segmentation.
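Until the firmware update is applied, the practical question for a defender is whether anyone on the local network is already probing for this. The following is an added example, not part of the advisory, that scans web access-log lines for traversal attempts. The log lines are constructed for this example in Combined Log Format; the addresses, paths and timestamps are made up and do not come from UniFi OS.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample access-log lines (Combined Log Format). Every value
# here is made up for the example; none is a real UniFi OS path or client.
SAMPLE_LOG = """\
10.0.0.23 - - [01/Jan/2024:10:00:01 +0000] "GET /static/css/app.css HTTP/1.1" 200 1532
10.0.0.23 - - [01/Jan/2024:10:00:02 +0000] "GET /static/../../../etc/passwd HTTP/1.1" 200 2048
10.0.0.41 - - [01/Jan/2024:10:00:03 +0000] "GET /static/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 310
10.0.0.41 - - [01/Jan/2024:10:00:04 +0000] "GET /static/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 404 310
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /static/img/logo..png HTTP/1.1" 200 8812
"""

# Pulls source address, method, request path and status out of one line.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so a
    request that was encoded more than once is still compared in its
    decoded form. This is about spotting attempts in logs; it does not
    claim to reproduce how any particular server decodes."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    return value


def has_traversal(raw_path: str) -> bool:
    """True if any path segment is exactly '..' after decoding. Matching
    whole segments rather than the substring '..' avoids flagging
    legitimate names such as 'logo..png'."""
    path = fully_decode(raw_path.split("?", 1)[0])
    return any(segment == ".." for segment in path.split("/"))


def find_traversal_attempts(log_text: str) -> List[Dict[str, object]]:
    """Return one record per log line whose request path contains a
    traversal segment. A 200 status on such a line deserves immediate
    attention: it suggests the server handed the file back."""
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match or not has_traversal(match["path"]):
            continue
        hits.append({
            "src": match["src"],
            "path": match["path"],
            "status": int(match["status"]),
        })
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        flag = "SUCCESS?" if hit["status"] == 200 else "blocked"
        print(f"{hit['src']:10} {hit['status']} {flag:9} {hit['path']}")
```

The status code is carried through on purpose: a traversal request answered with 200 is the line to escalate, whereas a run of 404s from one address is still worth a segmentation or firewall review but is not by itself evidence of a successful read.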
OpenCVE Enrichment