Authenticated SQL Injection Vulnerability in UISP Application by Ubiquiti
CVE-2025-24290
9.9CRITICAL
What is CVE-2025-24290?
Multiple authenticated SQL injection vulnerabilities exist in the UISP Application versions 2.4.206 and earlier. These vulnerabilities may allow an attacker with low-level access to escalate their privileges, potentially granting unauthorized access to sensitive functions and data. Immediate action is advised to mitigate risks associated with these vulnerabilities.
Affected Version(s)
UISP Application 2.4.211