Misconfiguration in UniFi Access Door Management Application by Ubiquiti
CVE-2025-52665

10 CRITICAL

Key Information:

Vendor
CVE Published: 30 October 2025


What is CVE-2025-52665?

CVE-2025-52665 is a vulnerability in the UniFi Access Door Management Application developed by Ubiquiti Inc., which provides an integrated system for managing door access and security controls. The vulnerability arises from a misconfiguration that exposed a management API without the necessary authentication mechanisms. It was introduced in version 3.3.22 of the application and has been resolved in version 4.0.21 and later. If exploited, it allows a malicious actor with access to the management network to use the unprotected API, potentially leading to unauthorized control over physical entry points. The lack of adequate security controls can expose an organization to various risks, including unauthorized entry into secure areas, manipulation of access permissions, and broader impacts on overall facility security.

Potential Impact of CVE-2025-52665

  1. Unauthorized Access: The misconfiguration can lead to unauthorized individuals gaining control over door access systems, enabling them to grant entry to sensitive areas without valid credentials.

  2. Data Breach Risks: With potential access to the management API, attackers could exploit the vulnerability to manipulate or extract sensitive information related to user access logs, thereby compromising organizational security measures.

  3. Operational Disruption: Exploiting this vulnerability could lead to disruptions in access management operations, affecting normal business functions and potentially causing significant operational setbacks in secured facilities.

Affected Version(s)

UniFi Access Application: 3.3.22 through 3.4.31 (3.3.22 <= version <= 3.4.31)

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved
