Authentication Bypass in UniFi Protect Application for Auto-Adopt Bridge Devices
CVE-2025-23116

9.6CRITICAL

Key Information:

Vendor: Ubiquiti Inc
Status: Unifi Protect Application
Vendor: CVE Published:; 1 March 2025

🔔 Create Ubiquiti Inc Vulnerability Alert

What is CVE-2025-23116?

The UniFi Protect Application is vulnerable to an Authentication Bypass, particularly when Auto-Adopt Bridge Devices are enabled. This flaw may allow malicious actors with access to the adjacent network of UniFi Protect Cameras to gain unauthorized control over these devices, which can lead to significant security risks to the affected systems. Users of the UniFi Protect Application are advised to review security practices and mitigate potential risks associated with this vulnerability.

Affected Version(s)

UniFi Protect Application 5.2.49

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.0

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2025
Vulnerability Reserved
Jan 11, 2025