Heap Buffer Overflow Vulnerability in UniFi Protect Cameras by Ubiquiti
CVE-2025-23123

10CRITICAL

Key Information:

Vendor: Ubiquiti Inc
Status: Unifi Protect Cameras
Vendor: CVE Published:; 19 May 2025

🔔 Create Ubiquiti Inc Vulnerability Alert

Badges

📈 Score: 209📰 News Worthy

What is CVE-2025-23123?

CVE-2025-23123 is a serious heap buffer overflow vulnerability found in the firmware of UniFi Protect Cameras developed by Ubiquiti Inc. This vulnerability potentially allows unauthorized actors with access to the management network to execute remote code, compromising the integrity and security of the affected systems. With UniFi Protect Cameras being widely utilized for surveillance and security purposes, the implications of this vulnerability could lead to unauthorized access to camera feeds, manipulation of settings, and further network exposures. The affected firmware versions are 4.75.43 and earlier, making it crucial for organizations using these cameras to be aware of their firmware versions and the associated risks.

Potential Impact of CVE-2025-23123

Remote Code Execution: This vulnerability allows an attacker to gain control over the camera's operating system, which can lead to a variety of malicious activities, including the installation of additional malware or tools for further exploitation of the network.
Unauthorized Access to Surveillance Data: With the ability to execute code, attackers can potentially access live camera feeds, recordings, and sensitive information captured by the cameras, posing significant privacy and security risks.
Network Compromise: Exploiting this vulnerability could serve as a launchpad for attacks on the broader network, enabling attackers to gain footholds in other systems connected to or managed through the same network, thus escalating the threat landscape for an organization.