Cross-Site Scripting Vulnerability in UCRM Argentina AFIP Invoices Plugin by Ubiquiti Networks
CVE-2025-59467

7.5HIGH

Key Information:

Vendor: Ubiquiti Inc
Status: Ucrm Argentina Afip Invoices Plugin
Vendor: CVE Published:; 5 January 2026

🔔 Create Ubiquiti Inc Vulnerability Alert

What is CVE-2025-59467?

The UCRM Argentina AFIP invoices Plugin, developed by Ubiquiti Networks, is susceptible to a Cross-Site Scripting (XSS) vulnerability in versions 1.2.0 and earlier. This security flaw could allow an attacker to escalate privileges by deceiving an Administrator into visiting a specially crafted malicious webpage. It is important to note that the plugin is disabled by default, requiring strict vigilance when enabled. Users are strongly encouraged to mitigate this risk by updating to version 1.3.0 or later to enhance security and protect sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

UCRM Argentina AFIP invoices Plugin 0 <= 1.2.0

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 5, 2026
Vulnerability Reserved
Sep 16, 2025

JSON

Ubiquiti Inc

What is CVE-2025-59467?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.