Skip to main content

CVE-2025-24290: Vulnerability in Ubiquiti Inc UISP Application

Critical
VulnerabilityCVE-2025-24290cvecve-2025-24290
Published: Sun Jun 29 2025 (06/29/2025, 19:25:07 UTC)
Source: CVE Database V5
Vendor/Project: Ubiquiti Inc
Product: UISP Application

Description

Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.

AI-Powered Analysis

AILast updated: 06/29/2025, 19:54:30 UTC

Technical Analysis

CVE-2025-24290 is a critical security vulnerability identified in the Ubiquiti Inc UISP Application, specifically affecting versions 2.4.206 and earlier, with the affected version noted as 2.4.211. The vulnerability consists of multiple authenticated SQL injection flaws. These vulnerabilities allow an attacker with low-level privileges—meaning they do not require administrative access—to perform SQL injection attacks within the application. SQL injection is a code injection technique that exploits improper sanitization of user-supplied input in SQL queries, enabling attackers to manipulate backend databases. In this case, the attacker can escalate their privileges within the UISP application, potentially gaining administrative control or access to sensitive data. The CVSS v3.0 base score is 9.9, indicating a critical severity level. The vector string (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) reveals that the attack can be performed remotely over the network (AV:N) with low attack complexity (AC:L), requires low privileges (PR:L), and no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), indicating that exploitation can lead to full compromise of the system. No known exploits are currently in the wild, but the critical nature and ease of exploitation make this a significant threat. The vulnerability was reserved in January 2025 and published in June 2025, showing recent discovery and disclosure. No patch links are provided in the data, suggesting that organizations must verify the availability of updates from Ubiquiti promptly. UISP (Ubiquiti Internet Service Provider) is a network management platform widely used by ISPs and enterprises to manage network devices, making this vulnerability particularly impactful for network infrastructure security.

Potential Impact

For European organizations, the impact of CVE-2025-24290 is substantial. UISP is commonly deployed by ISPs, managed service providers, and enterprises to control network devices and infrastructure. Exploitation of this vulnerability could allow attackers to escalate privileges from a low-level user account to administrative control, enabling unauthorized access to network configurations, customer data, and operational controls. This could lead to data breaches involving personal data protected under GDPR, service disruptions, and potential manipulation of network traffic or devices. The critical severity and remote exploitability mean attackers could leverage this vulnerability to compromise multiple systems within an organization’s network, potentially affecting availability and integrity of network services. Given the importance of network infrastructure in sectors such as telecommunications, finance, healthcare, and government services across Europe, the vulnerability poses a high risk to operational continuity and data security. Additionally, the changed scope indicates that the impact could extend beyond the UISP application itself, potentially affecting connected systems and devices managed through UISP.

Mitigation Recommendations

European organizations using UISP should immediately verify their current UISP application version and upgrade to the latest patched version once available from Ubiquiti. Until patches are applied, organizations should restrict UISP application access to trusted administrators only, ideally through network segmentation and VPNs to limit exposure. Implement strict access controls and monitor for unusual activity indicative of privilege escalation attempts. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting UISP endpoints. Conduct thorough audits of user privileges within UISP to ensure minimal necessary access is granted. Regularly review logs for suspicious SQL errors or unauthorized access attempts. Additionally, organizations should prepare incident response plans specific to network management system compromises and consider isolating UISP management interfaces from the broader network. Coordinating with Ubiquiti support and subscribing to their security advisories will ensure timely awareness of patches and mitigation guidance.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
hackerone
Date Reserved
2025-01-17T01:00:07.457Z
Cvss Version
3.0
State
PUBLISHED

Threat ID: 6861967a6f40f0eb72851e9c

Added to database: 6/29/2025, 7:39:38 PM

Last enriched: 6/29/2025, 7:54:30 PM

Last updated: 7/12/2025, 6:35:04 AM

Views: 43

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats