
CVE-2025-27212: Vulnerability in Ubiquiti Inc UniFi Access Reader Pro

Critical
Vulnerability: CVE-2025-27212
Published: Mon Aug 04 2025 (08/04/2025, 22:12:18 UTC)
Source: CVE Database V5
Vendor/Project: Ubiquiti Inc
Product: UniFi Access Reader Pro

Description

An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to the UniFi Access management network.

Affected Products:
UniFi Access Reader Pro (Version 2.14.21 and earlier)
UniFi Access G2 Reader Pro (Version 1.10.32 and earlier)
UniFi Access G3 Reader Pro (Version 1.10.30 and earlier)
UniFi Access Intercom (Version 1.7.28 and earlier)
UniFi Access G3 Intercom (Version 1.7.29 and earlier)
UniFi Access Intercom Viewer (Version 1.3.20 and earlier)

Mitigation:
Update UniFi Access Reader Pro to Version 2.15.9 or later
Update UniFi Access G2 Reader Pro to Version 1.11.23 or later
Update UniFi Access G3 Reader Pro to Version 1.11.22 or later
Update UniFi Access Intercom to Version 1.8.22 or later
Update UniFi Access G3 Intercom to Version 1.8.22 or later
Update UniFi Access Intercom Viewer to Version 1.4.39 or later

AI-Powered Analysis

AI analysis last updated: 08/12/2025, 01:05:15 UTC

Technical Analysis

CVE-2025-27212 is a critical vulnerability in multiple UniFi Access devices manufactured by Ubiquiti Inc, specifically the UniFi Access Reader Pro series and related intercom products. The root cause is improper input validation, which allows an attacker with access to the UniFi Access management network to perform command injection. In practice this means an attacker can execute arbitrary commands on the affected devices, potentially taking control of them or disrupting their normal operation. The affected products are UniFi Access Reader Pro (versions 2.14.21 and earlier), UniFi Access G2 Reader Pro (1.10.32 and earlier), UniFi Access G3 Reader Pro (1.10.30 and earlier), UniFi Access Intercom (1.7.28 and earlier), UniFi Access G3 Intercom (1.7.29 and earlier), and UniFi Access Intercom Viewer (1.3.20 and earlier). The vulnerability is classified under CWE-20 (Improper Input Validation) and CWE-77 (Command Injection). The CVSS v3.1 base score is 9.8 (critical): the attack vector is network-based, no privileges or user interaction are required, and the impact on confidentiality, integrity, and availability is full. Although no exploits are currently reported in the wild, the ease of exploitation combined with the critical impact makes this a significant threat. The affected devices are typically deployed in physical access control systems, which secure premises and control entry points in organizations. Successful exploitation could allow attackers to bypass physical security controls, manipulate access logs, or disrupt access management services.

Potential Impact

For European organizations, the impact of this vulnerability is substantial. UniFi Access devices are commonly used in corporate offices, data centers, government buildings, and critical infrastructure facilities across Europe for physical access control. Exploitation could lead to unauthorized physical access, enabling attackers to enter secure areas undetected or manipulate access permissions. This undermines both physical and cybersecurity postures, potentially facilitating further attacks such as theft of sensitive data, sabotage, or espionage. Additionally, disruption or takeover of these devices could cause denial of service to access control systems, leading to operational downtime and safety risks. Given the critical nature of these systems in sectors like finance, healthcare, transportation, and public administration, the vulnerability poses a direct threat to organizational security and compliance with European data protection and security regulations (e.g., GDPR, NIS Directive).

Mitigation Recommendations

Organizations should immediately verify the firmware versions of all UniFi Access devices in their environment and upgrade to the patched versions as specified: UniFi Access Reader Pro to version 2.15.9 or later, UniFi Access G2 Reader Pro to 1.11.23 or later, UniFi Access G3 Reader Pro to 1.11.22 or later, UniFi Access Intercom and G3 Intercom to 1.8.22 or later, and UniFi Access Intercom Viewer to 1.4.39 or later. Beyond patching, network segmentation should be enforced to isolate UniFi Access management networks from general corporate networks and the internet, limiting access to trusted administrators only. Implement strict access controls and monitoring on the management network to detect anomalous commands or traffic patterns indicative of exploitation attempts. Regularly audit device configurations and logs for signs of compromise. Employ multi-factor authentication for management interfaces where supported. Additionally, organizations should develop incident response plans specifically addressing physical access control system compromises and conduct staff training to recognize and report suspicious activity related to access control devices.
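The first mitigation step above is an inventory check: every UniFi Access device's firmware version has to be compared against the fixed version for its product. The script below is an added example written for this page; it is not part of the advisory and not Ubiquiti's tooling. It takes the fixed versions from the advisory text, compares dotted version strings numerically (a plain string comparison would rank 1.9.x above 1.11.x and silently miss affected devices), and flags out-of-scope products and unparseable version strings separately so they are not mistaken for "patched". The hostnames, version numbers and the non-Access product in the sample inventory are constructed for illustration; the only assumption about real devices is that they report firmware as dotted integers.

```python
"""Firmware inventory check for CVE-2025-27212 (added example, not advisory or vendor code)."""
from __future__ import annotations

# Fixed versions exactly as listed in the advisory's Mitigation section.
FIXED_VERSIONS = {
    "UniFi Access Reader Pro": "2.15.9",
    "UniFi Access G2 Reader Pro": "1.11.23",
    "UniFi Access G3 Reader Pro": "1.11.22",
    "UniFi Access Intercom": "1.8.22",
    "UniFi Access G3 Intercom": "1.8.22",
    "UniFi Access Intercom Viewer": "1.4.39",
}


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '2.14.21' into (2, 14, 21). Anything that is not dotted integers is rejected
    rather than guessed at, so a malformed value can never be reported as 'ok'."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {v!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(product: str, version: str) -> bool:
    """True when the device runs a build below the advisory's fixed version for its product.
    Products not named in the advisory are not in scope of this CVE and return False."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        return False
    # Tuple comparison is component-wise numeric: (1, 9, 40) < (1, 11, 23) is True,
    # whereas the strings "1.9.40" < "1.11.23" would be False.
    return parse_version(version) < parse_version(fixed)


def audit(inventory):
    """inventory: iterable of (hostname, product, version) tuples.
    Returns (hostname, product, version, status) with one of four statuses:
    UPDATE-REQUIRED, ok, not-in-scope, unparseable-version."""
    findings = []
    for host, product, version in inventory:
        if product not in FIXED_VERSIONS:
            findings.append((host, product, version, "not-in-scope"))
            continue
        try:
            vuln = is_vulnerable(product, version)
        except ValueError:
            findings.append((host, product, version, "unparseable-version"))
            continue
        findings.append((host, product, version, "UPDATE-REQUIRED" if vuln else "ok"))
    return findings


# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("door-lobby-01", "UniFi Access Reader Pro", "2.14.21"),        # last affected build
    ("door-lobby-02", "UniFi Access Reader Pro", "2.15.9"),         # first fixed build
    ("gate-north", "UniFi Access G2 Reader Pro", "1.9.40"),         # string compare would miss this
    ("intercom-main", "UniFi Access G3 Intercom", "1.8.22"),        # exactly at the fixed version
    ("viewer-reception", "UniFi Access Intercom Viewer", "1.3.20"),
    ("cam-01", "UniFi Protect G4", "4.0.0"),                        # hypothetical out-of-scope product
    ("door-odd", "UniFi Access Intercom", "v1.7"),                  # malformed version string
]


def vulnerable_hosts(inventory=SAMPLE_INVENTORY) -> list[str]:
    """Hostnames that still need the firmware update."""
    return [h for h, _, _, status in audit(inventory) if status == "UPDATE-REQUIRED"]


if __name__ == "__main__":
    for host, product, version, status in audit(SAMPLE_INVENTORY):
        print(f"{status:20} {host:18} {product} {version}")
```

Feed it the export from your UniFi Access inventory instead of SAMPLE_INVENTORY; any "unparseable-version" or "not-in-scope" row should be resolved by hand rather than treated as patched.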


Technical Details

Data Version
5.1
Assigner Short Name
hackerone
Date Reserved
2025-02-20T01:00:01.799Z
Cvss Version
null
State
PUBLISHED

Threat ID: 68913509ad5a09ad00e397ec

Added to database: 8/4/2025, 10:32:41 PM

Last enriched: 8/12/2025, 1:05:15 AM

Last updated: 9/17/2025, 6:37:14 AM

