CVE-2025-24290: Vulnerability in Ubiquiti Inc UISP Application
Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.
AI Analysis
Technical Summary
CVE-2025-24290 is a critical vulnerability in the Ubiquiti Inc UISP Application. The CVE record names versions 2.4.206 and earlier as affected; the version 2.4.211 also appears in the record without a label, so treat 2.4.206 and earlier as vulnerable and confirm against Ubiquiti's own advisory which release carries the fix. The flaw consists of multiple authenticated SQL injection issues (CWE-89: improper neutralization of user-supplied input in SQL queries). Any valid account with low privileges is sufficient; administrative access is not required. By placing SQL syntax in input that the application splices into its queries, the attacker can read or modify database rows, including the rows that govern roles and permissions, and so escalate to administrative control of UISP or reach sensitive data. The CVSS v3.0 base score is 9.9 (critical). The vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H means the attack is performed over the network (AV:N), has low complexity (AC:L), requires only low privileges (PR:L) and no user interaction (UI:N). Scope is changed (S:C): the consequences extend beyond the vulnerable component, which for a management platform means the devices and configurations UISP controls. Confidentiality, integrity and availability impacts are all high (C:H/I:H/A:H), so successful exploitation can fully compromise the system. No exploits are known in the wild, but the low attack complexity and the number of low-privilege accounts typical of an ISP deployment make this a significant threat. The CVE was reserved in January 2025 and published in June 2025 through the HackerOne CNA. The record carries no patch links, so organizations must confirm the availability of a fixed release with Ubiquiti directly. UISP (formerly UNMS) is Ubiquiti's network management platform for ISPs and enterprises, used to provision and monitor network devices, which makes this vulnerability particularly impactful for network infrastructure security.
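The mechanism behind an authenticated SQL injection that escalates privileges, shown as an added generic illustration using Python's sqlite3 module. This is not UISP code and does not reflect the actual vulnerable queries, which this page does not contain; the `users` table, the self-service rename operation, and the payload are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed schema: an application user table with a role column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "readonly")])
    conn.commit()
    return conn


def rename_vulnerable(conn, user_id, new_name):
    """Self-service rename that splices the caller's input into the SQL text.

    A low-privilege user is only meant to change their own display name, but
    because the value is concatenated, SQL syntax inside it becomes part of the
    statement and can touch any column of the row, including role.
    """
    sql = f"UPDATE users SET name = '{new_name}' WHERE id = {int(user_id)}"
    conn.execute(sql)
    conn.commit()


def rename_safe(conn, user_id, new_name):
    """Same operation with a parameterized query: the input is bound as data
    and cannot alter the statement's structure, whatever it contains."""
    conn.execute("UPDATE users SET name = ? WHERE id = ?", (new_name, int(user_id)))
    conn.commit()


def get_user(conn, user_id):
    """Return the stored name and role of one user."""
    row = conn.execute("SELECT name, role FROM users WHERE id = ?", (user_id,)).fetchone()
    return {"name": row[0], "role": row[1]}


# Payload the read-only user (id 2) submits as their "new name". The quote
# closes the string literal and the remainder appends a second column
# assignment, so the vulnerable statement becomes:
#   UPDATE users SET name = 'bob', role = 'admin' WHERE id = 2
PAYLOAD = "bob', role = 'admin"


def demo():
    """Run the same payload through both implementations; return the resulting rows."""
    vuln = make_db()
    rename_vulnerable(vuln, 2, PAYLOAD)
    safe = make_db()
    rename_safe(safe, 2, PAYLOAD)
    return {"vulnerable": get_user(vuln, 2), "safe": get_user(safe, 2)}


if __name__ == "__main__":
    print(demo())
```

The payload needs neither a stacked statement nor a comment marker: a single UPDATE with one extra column assignment is enough, which is why filters that merely reject semicolons or `--` sequences do not close this class of bug. Only binding input as parameters (or an equivalent query builder) does.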
Potential Impact
For European organizations, the impact of CVE-2025-24290 is substantial. UISP is commonly deployed by ISPs, managed service providers, and enterprises to control network devices and infrastructure. Exploitation of this vulnerability could allow attackers to escalate privileges from a low-level user account to administrative control, enabling unauthorized access to network configurations, customer data, and operational controls. This could lead to data breaches involving personal data protected under GDPR, service disruptions, and potential manipulation of network traffic or devices. The critical severity and remote exploitability mean attackers could leverage this vulnerability to compromise multiple systems within an organization’s network, potentially affecting availability and integrity of network services. Given the importance of network infrastructure in sectors such as telecommunications, finance, healthcare, and government services across Europe, the vulnerability poses a high risk to operational continuity and data security. Additionally, the changed scope indicates that the impact could extend beyond the UISP application itself, potentially affecting connected systems and devices managed through UISP.
Mitigation Recommendations
European organizations using UISP should immediately check the running UISP application version and upgrade to the release that Ubiquiti designates as fixed; upgrading is the only complete remediation. Until then, reduce who can reach the application: expose the UISP interface only on a management network or through a VPN, never directly on the public internet. Because the flaw is exploitable by any authenticated low-privilege account, audit every UISP account (operator, read-only, customer-facing), disable unused ones, enforce strong passwords and multi-factor authentication where supported, and grant the minimum role each account needs. A Web Application Firewall with SQL injection rules in front of UISP endpoints can block unsophisticated probes, but treat it as a speed bump rather than a fix: attackers can encode or reshape payloads, and the WAF only sees traffic that passes through it. Monitor for indicators of exploitation: database syntax errors or HTTP 5xx responses triggered by low-privilege users, role or permission changes that no administrator made, and unexpected new administrator accounts. Prepare an incident response plan for a compromised network management system; it should assume that credentials for managed devices held by UISP may have been exposed and plan for their rotation. Isolate the UISP management interfaces from the broader network, and subscribe to Ubiquiti's security advisories so that patches and further guidance are acted on promptly.
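Detection logic for the monitoring advice above, as an added example that is not part of the original advisory. It scans constructed access-log lines in a hypothetical key=value format (this page does not document UISP's real log format, so the field names, paths and messages are assumptions) for three indicators: injection syntax in request data, backend SQL errors surfacing as 5xx responses, and a session whose role climbs to admin between requests.

```python
import re

# Constructed sample lines in a hypothetical key=value access-log format.
# Field names, paths and error text are assumptions made for this example.
SAMPLE_LOG = """\
2025-06-30T10:15:01Z user=bob role=readonly method=GET path=/api/devices status=200
2025-06-30T10:15:07Z user=bob role=readonly method=PUT path=/api/users/2 status=200 body="name=bob', role = 'admin"
2025-06-30T10:15:09Z user=bob role=readonly method=PUT path=/api/users/2 status=500 error="syntax error at or near WHERE"
2025-06-30T10:15:30Z user=bob role=admin method=GET path=/api/users status=200
2025-06-30T10:16:00Z user=alice role=admin method=GET path=/api/users status=200
"""

# key=value tokens; a value is either a double-quoted string or a bare word.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Injection syntax in user-controlled request data.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+", re.I),  # tautology:        ' OR 1=1
    re.compile(r"',\s*\w+\s*=\s*'", re.I),             # appended column:  ', role = '
    re.compile(r"union\s+(all\s+)?select", re.I),       # union-based data extraction
    re.compile(r"(--|/\*|#)\s*$"),                     # trailing comment swallowing the rest
]
# Database error text leaking through the application on a failed probe.
SQL_ERROR_RE = re.compile(r"syntax error|unterminated|near [\"']|sql", re.I)


def parse_line(line):
    """Split one log line into a dict; the leading token is the timestamp."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": ts}
    for key, quoted, bare in KV_RE.findall(rest):
        fields[key] = quoted if quoted else bare
    return fields


def scan_log(log_text):
    """Return (timestamp, user, kind, detail) findings for the three indicators."""
    findings = []
    last_role = {}  # user -> role seen on their previous request
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        f = parse_line(raw)
        user = f.get("user", "?")

        # 1. Injection syntax in the parts of the request the client controls.
        user_data = " ".join(f.get(k, "") for k in ("path", "body"))
        if any(p.search(user_data) for p in SQLI_PATTERNS):
            findings.append((f["ts"], user, "sqli_pattern", user_data))

        # 2. A 5xx whose error text looks like the database choked on the query.
        if f.get("status", "").startswith("5") and SQL_ERROR_RE.search(f.get("error", "")):
            findings.append((f["ts"], user, "sql_error", f["error"]))

        # 3. The same user reappearing as admin after being seen with a lesser role.
        role = f.get("role")
        prev = last_role.get(user)
        if prev is not None and prev != "admin" and role == "admin":
            findings.append((f["ts"], user, "role_escalation", f"{prev} -> {role}"))
        if role:
            last_role[user] = role
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(*finding)
```

The third check is the one that catches a successful exploit even when the injection itself was not logged: a role that changes without a corresponding administrative action is the signature of the privilege escalation this CVE describes, and should be correlated against the administrators' own audit trail before being dismissed.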
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: hackerone
- Date Reserved: 2025-01-17T01:00:07.457Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 6861967a6f40f0eb72851e9c
Added to database: 6/29/2025, 7:39:38 PM
Last enriched: 6/29/2025, 7:54:30 PM
Last updated: 7/12/2025, 6:35:04 AM
Related Threats
CVE-2025-7539: SQL Injection in code-projects Online Appointment Booking System (Medium)
CVE-2025-53865: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in roundup-tracker Roundup (Medium)
CVE-2025-7538: Unrestricted Upload in Campcodes Sales and Inventory System (Medium)
CVE-2025-7537: SQL Injection in Campcodes Sales and Inventory System (Medium)
CVE-2025-7536: SQL Injection in Campcodes Sales and Inventory System (Medium)