Privilege Escalation Vulnerability in UISP Application by Ubiquiti
CVE-2025-27216

8.8HIGH

Key Information:

Vendor: Ubiquiti Inc
Status: Uisp Application
Vendor: CVE Published:; 21 August 2025

🔔 Create Ubiquiti Inc Vulnerability Alert

What is CVE-2025-27216?

The UISP Application developed by Ubiquiti is prone to incorrect permission assignment for critical resources. This vulnerability potentially allows malicious actors possessing specific permissions to escalate their privileges within the application. Exploitation of this flaw could grant unauthorized access to sensitive functionalities, leading to severe security implications. It is crucial for users of the UISP Application to take immediate action to address this issue.

Affected Version(s)

UISP Application 2.4.220

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2025
Vulnerability Reserved
Feb 20, 2025

JSON