CVE-2025-23164 is a vulnerability identified in the Ubiquiti Inc UniFi Protect Application, specifically affecting version 5.3.45 and earlier. The vulnerability stems from a misconfigured access token mechanism related to the "Share Livestream" feature. Normally, when a user shares a livestream link, the recipient is granted temporary access to view the livestream. However, due to this flaw, the recipient can maintain access to the livestream even after the original sharing link has been disabled or revoked by the owner. This indicates an improper access control implementation (CWE-284), where the token used to authenticate the recipient does not properly expire or get invalidated upon link revocation. The CVSS v3.0 score assigned is 4.4 (medium severity), with the vector indicating network attack vector (AV:N), high attack complexity (AC:H), requiring high privileges (PR:H), no user interaction (UI:N), unchanged scope (S:U), high impact on confidentiality (C:H), but no impact on integrity (I:N) or availability (A:N). This suggests that exploitation requires an attacker with high privileges on the system but can be performed remotely without user interaction. The main risk is unauthorized continued access to live video streams, which could lead to privacy breaches and unauthorized surveillance. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved in January 2025 and published in May 2025.

For European organizations using the UniFi Protect Application, this vulnerability poses a significant privacy risk. Unauthorized prolonged access to live video feeds could lead to exposure of sensitive or confidential information, especially in environments such as corporate offices, government facilities, or critical infrastructure sites where video surveillance is used for security. The confidentiality breach could undermine trust in security systems and potentially violate data protection regulations such as the GDPR, which mandates strict controls over personal data processing and access. Although the vulnerability does not affect system integrity or availability, the unauthorized access to video streams can have serious reputational and legal consequences. Organizations relying on UniFi Protect for physical security may face increased risk of espionage or unauthorized monitoring if attackers exploit this flaw. The requirement for high privileges to exploit the vulnerability somewhat limits the attack surface but does not eliminate risk, especially if internal threat actors or compromised privileged accounts are involved.

To mitigate this vulnerability, European organizations should first verify the version of UniFi Protect Application in use and plan for an immediate upgrade once a patch or fixed version is released by Ubiquiti Inc. Until a patch is available, organizations should implement strict access controls around privileged accounts to reduce the risk of exploitation, including enforcing strong authentication, limiting privilege assignments, and monitoring privileged user activity for anomalies. Additionally, organizations should audit all currently shared livestream links and revoke any unnecessary or suspicious shares. It is advisable to implement network segmentation to isolate surveillance systems from general user networks, reducing exposure to potential attackers. Logging and alerting mechanisms should be enhanced to detect unusual access patterns to livestreams. Finally, organizations should review their incident response plans to include scenarios involving unauthorized video access and ensure compliance with GDPR notification requirements in case of data breaches involving video surveillance data.