{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-23091", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2025-01-10T19:05:52.772Z", "datePublished": "2025-02-01T06:53:09.114Z", "dateUpdated": "2025-03-13T12:54:46.381Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDM", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDM-Pro", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDM-SE", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDM-Pro-Max", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDW", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNVR", "versions": [{"version": "4.1.11", "status": "affected", "lessThan": "4.1.11", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNVR PRO", "versions": [{"version": "4.1.11", "status": "affected", "lessThan": "4.1.11", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCKP", "versions": [{"version": "4.1.11", "status": "affected", "lessThan": "4.1.11", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCK", "versions": [{"version": "4.1.11", "status": "affected", "lessThan": "4.1.11", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCK-Enterprise", "versions": [{"version": "4.1.11", "status": "affected", "lessThan": "4.1.11", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCG-Max", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "EFG", "versions": [{"version": "4.1.13", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-045-045/6011bc61-f2eb-457f-b71d-755703817aaf"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-02-01T06:53:09.114Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-295", "lang": "en", "description": "CWE-295 Improper Certificate Validation"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-03T15:47:37.586798Z", "id": "CVE-2025-23091", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-13T12:54:46.381Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-23091", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-03T15:47:37.586798Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:41:13.170Z"}}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}}], "affected": [{"vendor": "Ubiquiti Inc", "product": "UDM", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UDM-Pro", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UDM-SE", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UDM-Pro-Max", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UDW", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UNVR", "versions": [{"status": "affected", "version": "4.1.11", "lessThan": "4.1.11", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UNVR PRO", "versions": [{"status": "affected", "version": "4.1.11", "lessThan": "4.1.11", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UCKP", "versions": [{"status": "affected", "version": "4.1.11", "lessThan": "4.1.11", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UCK", "versions": [{"status": "affected", "version": "4.1.11", "lessThan": "4.1.11", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UCK-Enterprise", "versions": [{"status": "affected", "version": "4.1.11", "lessThan": "4.1.11", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UCG-Max", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "EFG", "versions": [{"status": "affected", "version": "4.1.13", "lessThan": "4.1.13", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-045-045/6011bc61-f2eb-457f-b71d-755703817aaf"}], "descriptions": [{"lang": "en", "value": "An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-02-01T06:53:09.114Z"}}}, "cveMetadata": {"cveId": "CVE-2025-23091", "state": "PUBLISHED", "dateUpdated": "2025-03-13T12:54:46.381Z", "dateReserved": "2025-01-10T19:05:52.772Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2025-02-01T06:53:09.114Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update."}, {"lang": "es", "value": "Una validaci\u00f3n de certificado incorrecta en dispositivos UniFi OS, con Identity Enterprise configurado, podr\u00eda permitir que un actor malintencionado ejecute un ataque de intermediario (MitM) durante la actualizaci\u00f3n de la aplicaci\u00f3n."}], "id": "CVE-2025-23091", "lastModified": "2025-03-13T13:15:57.990", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2025-02-01T07:15:08.277", "references": [{"source": "support@hackerone.com", "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-045-045/6011bc61-f2eb-457f-b71d-755703817aaf"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}