CVE-2025-27213 is a medium-severity vulnerability affecting multiple Ubiquiti Inc UniFi Connect products, including the EV Station Pro, UniFi Connect Display, and various Display Cast variants. The vulnerability arises from improper access control within the API of these devices, allowing a malicious actor who is already authenticated to the API to enable the Android Debug Bridge (ADB) interface. Enabling ADB can allow the attacker to execute unsupported system-level changes, potentially compromising the integrity of the device's software environment. The vulnerability specifically impacts versions prior to 1.5.27 for the EV Station Pro, 1.13.6 for the Display, 1.10.3 for Display Cast, 1.0.83 for Display Cast Pro, and 1.1.3 for Display Cast Lite. The CVSS v3.1 base score is 4.9, reflecting a medium severity with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), high integrity impact (I:H), and no availability impact (A:N). The core issue is CWE-863: Incorrect Authorization, meaning that the system does not properly restrict access to sensitive functionality. Although exploitation requires prior authentication with high privileges, once exploited, the attacker can manipulate the system via ADB, which is a powerful debugging and control interface. No known exploits are currently reported in the wild. The vulnerability was published on August 21, 2025, and patches are available in the specified versions. This vulnerability is particularly relevant for organizations deploying UniFi Connect EV charging stations and displays, which are often used in smart infrastructure and commercial environments.

For European organizations, the impact of this vulnerability could be significant, especially for those managing EV charging infrastructure and digital signage using affected UniFi Connect devices. Successful exploitation could allow an attacker with authenticated access to escalate their control over the device, potentially leading to unauthorized system modifications. This could disrupt charging station operations, cause misinformation on displays, or serve as a foothold for lateral movement within the network. While confidentiality is not directly impacted, the integrity of the device and its data is at risk, which could undermine trust in critical infrastructure services. Given the increasing adoption of EV infrastructure across Europe, particularly in countries with strong green energy initiatives, disruption or manipulation of these devices could have operational and reputational consequences. However, the requirement for high privilege authentication limits the attack surface to insiders or compromised accounts, reducing the likelihood of widespread exploitation without prior access.

European organizations should prioritize updating all affected UniFi Connect devices to the patched versions: EV Station Pro to 1.5.27 or later, Display to 1.13.6 or later, Display Cast to 1.10.3 or later, Display Cast Pro to 1.0.83 or later, and Display Cast Lite to 1.1.3 or later. Beyond patching, organizations should enforce strict access controls and monitoring on the API interfaces to prevent unauthorized or unnecessary privileged access. Implementing network segmentation to isolate these devices from broader enterprise networks can reduce the risk of lateral movement if a device is compromised. Regular auditing of user accounts and API access logs can help detect suspicious activity early. Additionally, disabling ADB functionality by default and restricting its enablement to trusted administrators can mitigate risk. Organizations should also consider integrating these devices into their broader security monitoring and incident response plans to quickly identify and respond to potential exploitation attempts.