CVE-2025-24292 is a vulnerability identified in the Ubiquiti Inc UniFi Network Application, specifically affecting versions 9.2.87 and earlier. The issue arises from a misconfigured query within the application that manages authentication for Enterprise WiFi and VPN services (L2TP and OpenVPN). When both 802.1X or MAC Authentication and VPN services are enabled and share the same RADIUS profile, an attacker can exploit this misconfiguration to authenticate to these services using only a device's MAC address. This bypasses normal authentication mechanisms, potentially allowing unauthorized access to the network. The vulnerability has a CVSS v3.0 base score of 6.8, categorized as medium severity. The vector indicates network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C) with high confidentiality impact (C:H), but no impact on integrity or availability (I:N/A:N). No known exploits are currently in the wild, and no patches have been linked yet. The vulnerability could allow attackers to impersonate devices by spoofing MAC addresses, gaining unauthorized access to enterprise WiFi or VPN services, which are critical for secure remote and internal communications.

For European organizations, this vulnerability poses a significant risk to network security, particularly in sectors relying heavily on secure wireless and VPN access, such as finance, healthcare, government, and critical infrastructure. Unauthorized access via MAC address spoofing could lead to exposure of sensitive data, unauthorized lateral movement within networks, and potential breaches of compliance with GDPR and other data protection regulations. The confidentiality impact is high as attackers could access internal resources without proper authentication. Although integrity and availability are not directly affected, the unauthorized access could facilitate further attacks that compromise these aspects. The medium severity score reflects the high confidentiality risk balanced against the high attack complexity, meaning exploitation is not trivial but feasible for skilled attackers. Given the widespread use of Ubiquiti UniFi products in European enterprises and SMBs, this vulnerability could have broad implications if exploited.

Organizations should immediately review their UniFi Network Application deployments to determine if they are running affected versions (9.2.87 or earlier) and whether both 802.1X/MAC Authentication and VPN services share the same RADIUS profile. As no official patches are currently linked, temporary mitigations include segregating RADIUS profiles for WiFi and VPN services to prevent cross-authentication via MAC addresses. Network administrators should enforce stronger authentication methods that do not rely solely on MAC addresses, such as certificate-based 802.1X authentication, and disable MAC Authentication where possible. Monitoring network logs for unusual authentication attempts or MAC address anomalies can help detect exploitation attempts. Additionally, restricting network access by implementing network segmentation and zero-trust principles can limit the impact of any unauthorized access. Organizations should stay alert for official patches or updates from Ubiquiti and apply them promptly once available.