CVE-2025-27213: Vulnerability in Ubiquiti Inc UniFi Connect EV Station Pro
An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system.
Affected Products:
- UniFi Connect EV Station Pro (Version 1.5.18 and earlier)
- UniFi Connect Display (Version 1.9.324 and earlier)
- UniFi Connect Display Cast (Version 1.9.301 and earlier)
- UniFi Connect Display Cast Pro (Version 1.0.78 and earlier)
- UniFi Connect Display Cast Lite (Version 1.0.3 and earlier)
Mitigation:
- Update UniFi Connect EV Station Pro to Version 1.5.27 or later
- Update UniFi Connect Display to Version 1.13.6 or later
- Update UniFi Connect Display Cast to Version 1.10.3 or later
- Update UniFi Connect Display Cast Pro to Version 1.0.83 or later
- Update UniFi Connect Display Cast Lite to Version 1.1.3 or later
AI Analysis
Technical Summary
CVE-2025-27213 is a vulnerability identified in multiple Ubiquiti Inc UniFi Connect devices, including the UniFi Connect EV Station Pro and several UniFi Connect Display models. The core issue is an improper access control flaw in the API of these devices: an authenticated malicious actor, that is, someone who already holds valid credentials or access to the API, can use it to enable the Android Debug Bridge (ADB) on the device. ADB is a debugging interface normally used by developers to communicate with Android devices and grants deep system-level access. Enabling ADB without authorization lets the attacker make unsupported and potentially harmful changes to the system, which could include installing unauthorized software, modifying system files, or gaining persistent control over the device. The affected products and versions are UniFi Connect EV Station Pro (version 1.5.18 and earlier), UniFi Connect Display (1.9.324 and earlier), UniFi Connect Display Cast (1.9.301 and earlier), UniFi Connect Display Cast Pro (1.0.78 and earlier), and UniFi Connect Display Cast Lite (1.0.3 and earlier). Ubiquiti has released fixed firmware, with recommended updates to version 1.5.27 or later for EV Station Pro, 1.13.6 or later for UniFi Connect Display, and the corresponding later versions for the other affected products. No exploits are currently reported in the wild, and no CVSS score has been assigned yet. Because the vulnerability requires authentication, exploitation is limited to users with some level of API access, but the impact of unauthorized ADB activation is significant because of the elevated control it grants.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those deploying Ubiquiti UniFi Connect devices in critical infrastructure such as electric vehicle charging stations, digital signage, or other IoT deployments. Unauthorized enabling of ADB could lead to system compromise, data exfiltration, or disruption of services. Given the role of EV charging stations in supporting the growing electric vehicle market in Europe, disruption or manipulation could impact operational continuity and customer trust. Additionally, compromised displays could be used to spread misinformation or malicious content. The vulnerability could also serve as a foothold for lateral movement within corporate or industrial networks, potentially exposing sensitive data or critical systems. The requirement for authentication reduces the risk of remote exploitation by external attackers without credentials but increases the threat from insider threats or attackers who have gained initial access through other means. The lack of known exploits in the wild suggests this is a newly disclosed vulnerability, but organizations should act promptly to mitigate risk.
Mitigation Recommendations
Organizations should immediately verify the versions of UniFi Connect devices in their environment and prioritize updating to the patched versions specified by Ubiquiti: EV Station Pro to 1.5.27 or later, UniFi Connect Display to 1.13.6 or later, and corresponding versions for other affected devices. Beyond patching, organizations should enforce strict access controls on the API interfaces, limiting authentication to trusted users and employing strong authentication mechanisms such as multi-factor authentication (MFA). Network segmentation should be implemented to isolate these devices from critical network segments, reducing the risk of lateral movement if compromised. Monitoring and logging of API access and device configuration changes should be enhanced to detect suspicious activity indicative of unauthorized ADB activation or other anomalous behavior. Additionally, organizations should review and restrict ADB usage policies on these devices, disabling ADB entirely if not required for legitimate maintenance. Regular security audits and vulnerability assessments of IoT and connected devices will help identify similar risks proactively.
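Verifying installed firmware versions against the fixed releases is the first step above. The Python below is an added example, not Ubiquiti's code: it encodes the advisory's fixed-version table and compares versions numerically rather than as strings, which matters here because a plain string comparison ranks "1.9.324" above "1.13.6". The device inventory and hostnames are constructed.

```python
"""Triage a UniFi Connect device inventory against CVE-2025-27213 fixed versions."""
from typing import Dict, Tuple

# Fixed firmware per product, taken from the advisory's mitigation section.
FIXED_VERSIONS: Dict[str, str] = {
    "UniFi Connect EV Station Pro": "1.5.27",
    "UniFi Connect Display": "1.13.6",
    "UniFi Connect Display Cast": "1.10.3",
    "UniFi Connect Display Cast Pro": "1.0.83",
    "UniFi Connect Display Cast Lite": "1.1.3",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.9.324' into (1, 9, 324) so each component compares numerically."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(product: str, installed: str) -> bool:
    """True when the installed firmware predates the fixed release for this product.

    Products not covered by the advisory raise instead of silently reporting
    'not vulnerable', so a typo in an inventory cannot hide an affected device.
    """
    if product not in FIXED_VERSIONS:
        raise KeyError(f"{product!r} is not covered by CVE-2025-27213")
    return parse_version(installed) < parse_version(FIXED_VERSIONS[product])


def triage(inventory: Dict[str, Tuple[str, str]]) -> Dict[str, bool]:
    """Map each device in {name: (product, version)} to whether it still needs the update."""
    return {name: is_vulnerable(product, ver) for name, (product, ver) in inventory.items()}


# Constructed inventory: hostnames and installed versions invented for this example.
SAMPLE_INVENTORY: Dict[str, Tuple[str, str]] = {
    "ev-charger-01": ("UniFi Connect EV Station Pro", "1.5.18"),  # last affected release
    "ev-charger-02": ("UniFi Connect EV Station Pro", "1.5.27"),  # fixed release
    "lobby-display": ("UniFi Connect Display", "1.9.324"),        # affected; string compare gets this wrong
    "cast-lite-03": ("UniFi Connect Display Cast Lite", "1.0.3"),
}

if __name__ == "__main__":
    for name, vulnerable in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {'UPDATE REQUIRED' if vulnerable else 'patched'}")
```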
Affected Countries
Germany, France, United Kingdom, Netherlands, Norway, Sweden, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: hackerone
- Date Reserved: 2025-02-20T01:00:01.799Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68a6693fad5a09ad0009f902
Added to database: 8/21/2025, 12:33:03 AM
Last enriched: 8/21/2025, 12:36:27 AM
Last updated: 8/22/2025, 1:18:55 AM