Authentication Bypass in UniFi Protect Application for Auto-Adopt Bridge Devices
CVE-2025-23116

9.6CRITICAL

Key Information:

Vendor: Ubiquiti Inc
Status: Unifi Protect Application
Vendor: CVE Published:; 1 March 2025

🔔 Create Ubiquiti Inc Vulnerability Alert

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2025-23116?

The UniFi Protect Application is vulnerable to an Authentication Bypass, particularly when Auto-Adopt Bridge Devices are enabled. This flaw may allow malicious actors with access to the adjacent network of UniFi Protect Cameras to gain unauthorized control over these devices, which can lead to significant security risks to the affected systems. Users of the UniFi Protect Application are advised to review security practices and mitigate potential risks associated with this vulnerability.

Affected Version(s)

UniFi Protect Application 5.2.49

News Articles

GBHackers News

CVE-2025-23116 CVE-2025-23115

Critical UniFi Protect Camera Vulnerability Enables Remote Code Execution Attacks

The vulnerabilities, discovered during the Pwn2Own 2025 hacking competition, affect UniFi Protect Cameras.

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.0

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2025
👾
Exploit known to exist
Feb 21, 2025
📰
First article discovered by GBHackers News
Feb 21, 2025
Vulnerability Reserved
Jan 11, 2025