Cross-Site Scripting Vulnerability in UCRM Argentina AFIP Invoices Plugin by Ubiquiti Networks
CVE-2025-59467

7.5HIGH

Key Information:

Vendor

Ubiquiti Inc

Status
Ucrm Argentina Afip Invoices Plugin
Vendor
CVE Published:
5 January 2026

What is CVE-2025-59467?

The UCRM Argentina AFIP invoices Plugin, developed by Ubiquiti Networks, is susceptible to a Cross-Site Scripting (XSS) vulnerability in versions 1.2.0 and earlier. This security flaw could allow an attacker to escalate privileges by deceiving an Administrator into visiting a specially crafted malicious webpage. It is important to note that the plugin is disabled by default, requiring strict vigilance when enabled. Users are strongly encouraged to mitigate this risk by updating to version 1.3.0 or later to enhance security and protect sensitive information.

Affected Version(s)

UCRM Argentina AFIP invoices Plugin 0 <= 1.2.0

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.