Improper Certificate Verification in UniFi Network Controller by Ubiquiti
CVE-2019-25652

7.6HIGH

Key Information:

Vendor: Ubiquiti
Status: Unifi Network Controller
Vendor: CVE Published:; 27 March 2026

What is CVE-2019-25652?

The UniFi Network Controller has a vulnerability that allows adjacent network attackers to perform man-in-the-middle attacks. By exploiting an insecure SSL host verification mechanism in the SMTP certificate validation process, attackers can present a fraudulent SSL certificate. This allows them to intercept SMTP traffic and potentially capture user credentials, posing significant security risks to affected environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

UniFi Network Controller 0 < 5.10.22

UniFi Network Controller 5.11 < 5.11.18

UniFi Network Controller 5.6.42

References

https://community.ui.com/releases/Security-Advisory-Bulle...

vendor-advisory

https://www.vulncheck.com/advisories/unifi-network-contro...

third-party-advisory

CVSS V4

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2026
Vulnerability Reserved
Mar 26, 2026

JSON

Ubiquiti

What is CVE-2019-25652?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.