Ubiquity has disclosed two safety vulnerabilities affecting its broadly used video surveillance platform, UniFi Shield. One of many flaws, now assigned the identifier CVE-2025-23123, has been rated as crucial with a most CVSS rating of 10.0. Each points have been addressed in latest firmware and utility updates, and the corporate is urging customers to put in these patches directly.
The vulnerabilities had been detailed in Security Advisory Bulletin 047, revealed by Ubiquity on Could 6, 2025. In accordance with the bulletin, attackers who achieve entry to the administration community of Ubiquity UniFi Shield programs may exploit the failings to execute malicious code or keep unauthorized entry to video livestreams, even after hyperlinks are supposedly disabled.
CVE-2025-23123: Vital Distant Code Execution Vulnerability
The extra extreme of the 2 points, CVE-2025-23123, impacts UniFi Shield Cameras working firmware model 4.75.43 and earlier. This vulnerability permits a distant attacker with inner community entry to set off a heap-based buffer overflow, enabling the execution of arbitrary code. The flaw is classed as a Remote Code Execution (RCE) risk and poses cybersecurity dangers for enterprise environments.
“This vulnerability is very harmful due to its low complexity and the absence of person interplay wanted to use it,” Ubiquity famous.
The CVSS v3.0 vector for this flaw is AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, which confirms that the vulnerability may be exploited over the community with out authentication or person intervention.
Persistent Livestream Entry
The second vulnerability, recognized as CVE-2025-23164, impacts the Ubiquity UniFi Shield Software model 5.3.41 and earlier. This flaw stems from a misconfigured entry token mechanism, which may permit a person to retain entry to a livestream after the unique “Share Livestream” hyperlink has been disabled.
Though this vulnerability is rated as medium with a CVSS score of 4.4, it still poses privacy and surveillance considerations, particularly for customers sharing safety digital camera entry. Ubiquity attributes this discovery to safety researcher Mike S. Schonert and has resolved the problem in model 5.3.45 of the UniFi Shield utility.
Updates and Fixes Launched
To handle these vulnerabilities, Ubiquity has launched the next updates:
- UniFi Shield Cameras 4.75.62: This replace resolves the crucial RCE concern and contains efficiency enhancements like improved Discuss Again resiliency and extra correct car detection for G6 fashions. A bug inflicting failure in highlight activation after goal detection was additionally mounted.
- UniFi Shield Software 5.3.45: Alongside the safety patch, this model contains enhancements to cloud archiving UX, doorbell quantity controls, and a bug repair for incorrect camera reassignment following an AI port restart.
Regardless of these enhancements, Ubiquity did notice a recognized concern: Hallway mode streaming in HDR-disabled settings is at present not performing on G5-Professional fashions.
Customers are strongly urged to replace their Ubiquity UniFi programs instantly, as unpatched gadgets—particularly these on uncovered or partially secured networks—may be exploited by way of crucial vulnerabilities like this one, probably permitting attackers to install malware, conduct unauthorized surveillance, or entry broader community sources.
Associated
Media Disclaimer: This report relies on inner and exterior analysis obtained by way of numerous means. The knowledge offered is for reference functions solely, and customers bear full duty for his or her reliance on it. The Cyber Express assumes no legal responsibility for the accuracy or penalties of utilizing this info.
