Missing Authentication in UniFi Connect EV Station Pro by Ubiquiti
CVE-2025-27214

9.8CRITICAL

Key Information:

Vendor: Ubiquiti Inc
Status: Unifi Connect Ev Station Pro
Vendor: CVE Published:; 21 August 2025

🔔 Create Ubiquiti Inc Vulnerability Alert

What is CVE-2025-27214?

The UniFi Connect EV Station Pro is susceptible to a Missing Authentication for Critical Function vulnerability, which may permit a malicious actor with physical or adjacent access to execute an unauthorized factory reset. This flaw poses significant risks, as it could lead to an unauthorized system reset, compromising device integrity and data security. To mitigate this risk, users are advised to update to version 1.5.27 or later.

Affected Version(s)

UniFi Connect EV Station Pro 1.5.27

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2025
Vulnerability Reserved
Feb 20, 2025

JSON