CVE-2025-27215: Vulnerability in Ubiquiti Inc UniFi Connect Display Cast
An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system.
Affected Products:
- UniFi Connect Display Cast (Version 1.10.3 and earlier)
- UniFi Connect Display Cast Pro (Version 1.0.89 and earlier)
- UniFi Connect Display Cast Lite (Version 1.0.3 and earlier)
Mitigation:
- Update UniFi Connect Display Cast to Version 1.10.7 or later
- Update UniFi Connect Display Cast Pro to Version 1.0.94 or later
- Update UniFi Connect Display Cast Lite to Version 1.1.8 or later
AI Analysis
Technical Summary
CVE-2025-27215 is a high-severity improper access control weakness (CWE-284) in the API of Ubiquiti's UniFi Connect Display Cast product line (standard, Pro, and Lite editions). A caller who is already authenticated to the API can make changes to the system that the API is not meant to allow for that caller: authentication succeeds, but the authorization checks that should bound what an authenticated identity may do are missing or incomplete. The vendor description says only "unsupported changes to the system"; the affected endpoints and the nature of the changes have not been published, so describing this as privilege escalation or configuration tampering is an inference from the CWE and the CVSS vector rather than from disclosed detail. Affected versions are UniFi Connect Display Cast 1.10.3 and earlier, Display Cast Pro 1.0.89 and earlier, and Display Cast Lite 1.0.3 and earlier; the fixed versions are 1.10.7, 1.0.94 and 1.1.8 respectively. For the Lite edition the advisory leaves a gap between the last listed affected version (1.0.3) and the first fixed version (1.1.8); builds in between should be treated as unpatched until the vendor states otherwise. The reported CVSS v3.1 base score is 8.1 (High) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N: network-reachable, low attack complexity, low privileges required (any authenticated API user), no user interaction, scope unchanged, high confidentiality and integrity impact, and no availability impact. The PR:L component is what separates this from a critical unauthenticated bug: the attacker needs valid API credentials, which shifts the realistic threat to insiders and to credentials stolen or reused from elsewhere. Because the vector records A:N, claims of disruption or denial of service go beyond what has been scored; the scored outcomes are reading data the caller should not see and changing device state the caller should not be able to change. The CVE record metadata reproduced under Technical Details lists the CVSS version as null, so the 8.1 figure should be confirmed against the vendor bulletin before it is used for prioritisation. No exploitation in the wild has been reported.
Potential Impact
For European organisations the exposure is concentrated where these devices are deployed at scale: corporate meeting rooms, education, and public-sector signage. Because the flaw requires an authenticated API caller, the realistic attacker is an insider with a low-privilege account, or an external actor holding credentials obtained through phishing, reuse, or a compromised management host. The scored impact is high for confidentiality and integrity: an attacker could read configuration or content the account should not see and change device settings, which on a casting device could mean altering what is shown on displays or establishing persistent unauthorised access that is then used for further attacks on the network. The vector records no availability impact, so outages are not the scored outcome, although tampered settings could still interrupt normal use in practice. For organisations subject to GDPR, unauthorised access to or alteration of data handled by these devices raises a reportable-incident question as well as an operational one. No exploit has been published, which gives a window to patch, but with low attack complexity the only real barrier is a valid credential, so the window should not be assumed to stay open.
Mitigation Recommendations
Patching is the fix; the remaining measures reduce the chance that an attacker obtains the authenticated position the vulnerability requires, and improve the odds of noticing if one does.
- Update every affected device to the fixed firmware: 1.10.7 or later for Display Cast, 1.0.94 or later for Display Cast Pro, and 1.1.8 or later for Display Cast Lite. Verify the running version after the update rather than trusting the scheduled job, and treat Lite builds between 1.0.3 and 1.1.8 as unpatched.
- Maintain an inventory of all UniFi Connect Display Cast devices so that patch coverage can be proven; a device missing from the inventory is a device missing from patching.
- Restrict who can reach the device API: place the devices on a management network segment and allow API access only from trusted management hosts; where the device or controller permits it, disable API access that is not needed.
- Reduce the value of a stolen credential: unique per-administrator accounts, multi-factor authentication on the management platform where it is supported, and rotation of any shared or default credentials. Review which accounts hold API access and remove those that do not need it, since any authenticated account is enough here.
- Audit API access logs for changes made by accounts that should not be making them, and monitor network traffic to and from the devices for anomalies.
- Train administrators on credential hygiene, and fold these devices into the normal vulnerability-management and incident-response process so that a future advisory or an exploitation attempt is handled the same way as for any other networked asset.
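The first two recommendations above are the ones most often done badly, because version strings get compared as text (so "1.9.9" sorts after "1.10.3") and the Lite edition's gap between 1.0.3 and 1.1.8 gets misread as fixed. The following Python is an added example (not from the advisory and not a Ubiquiti tool) that triages a hostname,product,version inventory export against the thresholds published above. The export format, and every hostname and version in SAMPLE_INVENTORY, are constructed for illustration.

```python
"""Firmware triage against the CVE-2025-27215 thresholds (added example)."""
import csv
import io

# Per product: (last affected version, first fixed version), as published in the advisory.
ADVISORY = {
    "UniFi Connect Display Cast": ("1.10.3", "1.10.7"),
    "UniFi Connect Display Cast Pro": ("1.0.89", "1.0.94"),
    "UniFi Connect Display Cast Lite": ("1.0.3", "1.1.8"),
}


def parse_version(text):
    """'1.10.3' -> (1, 10, 3). Numeric tuples compare correctly (1.9.x < 1.10.x),
    unlike string comparison. Trailing zeros are dropped so 1.10 == 1.10.0."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return tuple(nums)


def triage(product, version):
    """Classify one device against the advisory:
    vulnerable   at or below the last affected version
    patched      at or above the first fixed version
    unlisted     between the two; the advisory is silent, so treat as needing update
    not-covered  product not named in this advisory
    """
    if product not in ADVISORY:
        return "not-covered"
    last_affected, first_fixed = ADVISORY[product]
    v = parse_version(version)
    if v >= parse_version(first_fixed):
        return "patched"
    if v <= parse_version(last_affected):
        return "vulnerable"
    return "unlisted"


def needs_update(status):
    return status in ("vulnerable", "unlisted")


def triage_csv(text):
    """Read a hostname,product,version export; return rows with a status appended."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        status = triage(rec["product"], rec["version"])
        rows.append((rec["hostname"], rec["product"], rec["version"], status))
    return rows


def summarize(rows):
    """Count devices per status, for the report line at the end of a run."""
    counts = {}
    for _, _, _, status in rows:
        counts[status] = counts.get(status, 0) + 1
    return counts


# Constructed sample export: hostnames and versions are illustrative, not real devices.
SAMPLE_INVENTORY = """hostname,product,version
lobby-cast-01,UniFi Connect Display Cast,1.10.3
lobby-cast-02,UniFi Connect Display Cast,1.10.7
boardroom-pro-01,UniFi Connect Display Cast Pro,1.0.89
boardroom-pro-02,UniFi Connect Display Cast Pro,1.0.94
kiosk-lite-01,UniFi Connect Display Cast Lite,1.0.3
kiosk-lite-02,UniFi Connect Display Cast Lite,1.1.2
kiosk-lite-03,UniFi Connect Display Cast Lite,1.1.8
core-sw-01,UniFi Switch,7.0.1
"""

if __name__ == "__main__":
    rows = triage_csv(SAMPLE_INVENTORY)
    for host, product, version, status in rows:
        flag = "UPDATE" if needs_update(status) else "ok"
        print(f"{flag:6} {status:12} {host:18} {product} {version}")
    print(summarize(rows))
```

The "unlisted" bucket exists so that the Lite gap is surfaced rather than silently counted as patched; in the sample run kiosk-lite-02 at 1.1.2 is flagged for update alongside the three devices on explicitly affected versions.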
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: hackerone
- Date Reserved: 2025-02-20T01:00:01.799Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68a6693fad5a09ad0009f908
Added to database: 8/21/2025, 12:33:03 AM
Last enriched: 8/28/2025, 1:27:55 AM
Last updated: 10/7/2025, 12:52:04 AM
Views: 134
Related Threats
- CVE-2025-34251: CWE-269 Improper Privilege Management in Tesla Telematics Control Unit (TCU) (High)
- CVE-2025-43824: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Liferay Portal (Medium)
- CVE-2025-61768: CWE-20: Improper Input Validation in xuemian168 kuno (Medium)
- CVE-2025-59452: CWE-340 Generation of Predictable Numbers or Identifiers in YoSmart YoLink API (Medium)
- CVE-2025-59451: CWE-863 Incorrect Authorization in YoSmart YoLink application (Low)