Improper Input Validation in UISP Application by Ubiquiti
CVE-2025-48979

3.4LOW

Key Information:

Vendor: Ubiquiti Inc
Status: Uisp Application
Vendor: CVE Published:; 28 August 2025

🔔 Create Ubiquiti Inc Vulnerability Alert

What is CVE-2025-48979?

A vulnerability in the UISP Application from Ubiquiti arises from improper input validation, which can be exploited by malicious actors with elevated privileges and local access, potentially leading to command injection. This flaw creates significant security risks as it allows attackers to execute unauthorized commands on the affected system, compromising the integrity of the application and potentially affecting the network configurations.

Affected Version(s)

UISP Application 2.4.220

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2025
Vulnerability Reserved
May 29, 2025

JSON