
CVE-2025-27212: Vulnerability in Ubiquiti Inc UniFi Access Reader Pro

Unknown
Published: Mon Aug 04 2025 (08/04/2025, 22:12:18 UTC)
Source: CVE Database V5
Vendor/Project: Ubiquiti Inc
Product: UniFi Access Reader Pro

Description

An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to the UniFi Access management network.

Affected Products:
UniFi Access Reader Pro (Version 2.14.21 and earlier)
UniFi Access G2 Reader Pro (Version 1.10.32 and earlier)
UniFi Access G3 Reader Pro (Version 1.10.30 and earlier)
UniFi Access Intercom (Version 1.7.28 and earlier)
UniFi Access G3 Intercom (Version 1.7.29 and earlier)
UniFi Access Intercom Viewer (Version 1.3.20 and earlier)

Mitigation:
Update UniFi Access Reader Pro to Version 2.15.9 or later
Update UniFi Access G2 Reader Pro to Version 1.11.23 or later
Update UniFi Access G3 Reader Pro to Version 1.11.22 or later
Update UniFi Access Intercom to Version 1.8.22 or later
Update UniFi Access G3 Intercom to Version 1.8.22 or later
Update UniFi Access Intercom Viewer to Version 1.4.39 or later

AI-Powered Analysis

Last updated: 08/04/2025, 22:47:43 UTC

Technical Analysis

CVE-2025-27212 is a security vulnerability identified in multiple UniFi Access devices produced by Ubiquiti Inc, specifically affecting the UniFi Access Reader Pro series and related intercom products. The vulnerability arises from improper input validation within the affected devices' software, which could allow a malicious actor with access to the UniFi Access management network to perform command injection attacks. Command injection vulnerabilities enable attackers to execute arbitrary commands on the device's underlying operating system, potentially leading to unauthorized control over the device, data exfiltration, or disruption of device functionality. The affected products include UniFi Access Reader Pro (versions 2.14.21 and earlier), UniFi Access G2 Reader Pro (1.10.32 and earlier), UniFi Access G3 Reader Pro (1.10.30 and earlier), UniFi Access Intercom (1.7.28 and earlier), UniFi Access G3 Intercom (1.7.29 and earlier), and UniFi Access Intercom Viewer (1.3.20 and earlier). The vulnerability requires the attacker to have network access to the UniFi Access management network, which typically implies internal network access or compromised network segments. No known exploits are currently reported in the wild. Mitigation is available through firmware and software updates to versions 2.15.9 or later for UniFi Access Reader Pro, 1.11.23 or later for UniFi Access G2 Reader Pro, 1.11.22 or later for UniFi Access G3 Reader Pro, 1.8.22 or later for both UniFi Access Intercom and G3 Intercom, and 1.4.39 or later for UniFi Access Intercom Viewer. These updates address the improper input validation and prevent command injection attacks.

Potential Impact

For European organizations, this vulnerability poses a significant risk to physical security infrastructure relying on UniFi Access devices. These devices are often deployed in corporate offices, data centers, and critical infrastructure facilities to control and monitor physical access. Successful exploitation could allow attackers to execute arbitrary commands on access control devices, potentially disabling security controls, unlocking doors, or manipulating access logs. This could lead to unauthorized physical access, data breaches, or sabotage. Additionally, compromised devices could serve as footholds for lateral movement within internal networks, escalating the scope of an attack. Given the reliance on these devices for secure access management, the impact on confidentiality, integrity, and availability of physical security systems is substantial. The requirement for network access to the management network somewhat limits the attack surface to insiders or attackers who have already breached perimeter defenses, but this does not diminish the severity for organizations with less segmented or poorly secured internal networks.

Mitigation Recommendations

European organizations should prioritize immediate patching of all affected UniFi Access devices to the versions specified by Ubiquiti Inc. Beyond patching, organizations should implement strict network segmentation to isolate UniFi Access management networks from general corporate networks and the internet, reducing the risk of unauthorized access. Employing strong network access controls, such as VLANs, firewall rules, and zero-trust principles, will limit exposure. Monitoring and logging of access control device network traffic should be enhanced to detect anomalous commands or communications indicative of exploitation attempts. Additionally, organizations should review and enforce strong authentication and authorization policies for management interfaces to prevent unauthorized access. Regular vulnerability assessments and penetration testing focused on physical security infrastructure can help identify residual risks. Finally, organizations should maintain an inventory of all UniFi Access devices deployed to ensure comprehensive coverage during patch management.
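To support the inventory and patching steps above, the following added example (not code from Ubiquiti or from this database) checks a device inventory against the advisory's version table. The inventory rows, host names and the "Other Device" entry are constructed; versions that fall between the last affected and first fixed release are reported as UNCONFIRMED because the advisory does not say which side they are on.

```python
# Added example: version table transcribed from the advisory text on this page.
# product -> (last affected version, first fixed version)
ADVISORY = {
    "UniFi Access Reader Pro": ("2.14.21", "2.15.9"),
    "UniFi Access G2 Reader Pro": ("1.10.32", "1.11.23"),
    "UniFi Access G3 Reader Pro": ("1.10.30", "1.11.22"),
    "UniFi Access Intercom": ("1.7.28", "1.8.22"),
    "UniFi Access G3 Intercom": ("1.7.29", "1.8.22"),
    "UniFi Access Intercom Viewer": ("1.3.20", "1.4.39"),
}

def parse_version(text):
    """Turn '2.14.21' into (2, 14, 21) so comparison is numeric, not lexical."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(product, version):
    """Return VULNERABLE, PATCHED, UNCONFIRMED, UNKNOWN_VERSION or NOT_LISTED."""
    if product not in ADVISORY:
        return "NOT_LISTED"
    last_affected, first_fixed = ADVISORY[product]
    try:
        v = parse_version(version)
    except ValueError:
        return "UNKNOWN_VERSION"  # treat as needing manual follow-up
    if v <= parse_version(last_affected):
        return "VULNERABLE"
    if v >= parse_version(first_fixed):
        return "PATCHED"
    return "UNCONFIRMED"  # between the two bounds; the advisory is silent

def audit(inventory):
    """inventory: iterable of (host, product, version) tuples."""
    return [(h, p, v, classify(p, v)) for h, p, v in inventory]

# Constructed inventory (hypothetical hosts and firmware versions).
SAMPLE_INVENTORY = [
    ("reader-lobby", "UniFi Access Reader Pro", "2.14.21"),
    ("reader-dc1", "UniFi Access Reader Pro", "2.15.9"),
    ("reader-lab", "UniFi Access G2 Reader Pro", "1.9.40"),   # string compare would misjudge this
    ("intercom-gate", "UniFi Access G3 Intercom", "1.8.3"),
    ("viewer-desk", "UniFi Access Intercom Viewer", "v1.4.39"),
    ("misc-1", "Other Device", "4.2.0"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print("{:14} {:30} {:10} {}".format(*row))
```
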


Technical Details

Data Version: 5.1
Assigner Short Name: hackerone
Date Reserved: 2025-02-20T01:00:01.799Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68913509ad5a09ad00e397ec

Added to database: 8/4/2025, 10:32:41 PM

Last enriched: 8/4/2025, 10:47:43 PM

Last updated: 8/5/2025, 12:34:48 AM
