Primary

Context

UniFi OS Improper Certificate Validation Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

Patched

A vulnerability exists in UniFi OS devices with Identity Enterprise configured, allowing improper certificate validation. This flaw could enable a malicious actor to perform a man-in-the-middle (MitM) attack during application updates.

Impact

Exploitation of this vulnerability could lead to a man-in-the-middle attack, allowing interception and potentially modification of data during application updates.

Remediation

Users are advised to update their devices to the following versions: UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDW, UCKP, UCK, UCK-Enterprise, UCG-Max, and EFG to Version 4.1.13 or later. UNVR and UNVR PRO should be updated to Version 4.1.11 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

5.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

5.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

UniFi OS Improper Certificate Validation Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

Impact

Remediation

Affected Products

Ubiquiti UDM

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating