CVE-2025-52665

Published: Oct 30, 2025

Modified: Oct 31, 2025

PUBLISHED

Description

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. Affected Products: UniFi Access Application (Version 3.3.22 through 3.4.31).   Mitigation: Update your UniFi Access Application to Version 4.0.21 or later.

Vendor	Product	Versions
Ubiquiti Inc	UniFi Access Application	affected `3.3.22 - <= 3.4.31`

References

https://community.ui.com/releases/Security-Advisory-Bulletin-056/ce97352d-91cd-40a7-a2f4-2c73b3b30191

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now