Ubiquiti has revealed two security vulnerabilities in its UniFi Protect platform, including a critical remote code execution flaw. The company has issued firmware and application updates to patch these issues and urges users to install them promptly. (Affected: UniFi Protect Systems and Application)
Key points:
- Two vulnerabilities were disclosed in Ubiquiti's UniFi Protect platform, one critical and one medium severity.
- The critical vulnerability (CVE-2025-23123) allows remote attackers to execute arbitrary code via a heap-based buffer overflow.
- This critical flaw affects cameras running firmware version 4.75.43 and earlier and can be exploited over the network without authentication.
- The second vulnerability (CVE-2025-23164) involves persistent livestream access due to a misconfigured access token mechanism.
- Ubiquiti has released firmware update 4.75.62 for cameras and application version 5.3.45 to address these vulnerabilities.
- Users are strongly advised to update their devices immediately to prevent exploitation, unauthorized access, or malware installation.
- A known issue with HDR-disabled Hallway mode streaming persists on G5-Pro models after the updates.
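To check a device inventory against the versions listed above, the following added example (not from the vendor or the original article) classifies each entry. The CSV layout, the device names and the status labels are assumptions made for the illustration; only the version numbers come from the summary.

```python
import csv
import io
import re

# Version thresholds taken from the summary above.
CAMERA_LAST_AFFECTED = (4, 75, 43)  # CVE-2025-23123: this firmware and earlier
CAMERA_FIXED = (4, 75, 62)          # camera firmware update
APP_FIXED = (5, 3, 45)              # application release addressing CVE-2025-23164

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)+", text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(kind, version_text):
    """Map a device kind and version string to a status label (labels are hypothetical)."""
    version = parse_version(version_text)
    if version is None:
        return "unknown-version"      # needs a manual check, never assume patched
    if kind == "camera":
        if version <= CAMERA_LAST_AFFECTED:
            return "affected"         # inside the range the summary names
        # Builds between 4.75.43 and 4.75.62 are not described on the page.
        return "patched" if version >= CAMERA_FIXED else "update-recommended"
    if kind == "application":
        return "patched" if version >= APP_FIXED else "update-recommended"
    return "unknown-kind"

def audit(inventory_csv):
    """Return {device name: status} for an inventory with name,kind,version columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["name"]: classify(row["kind"], row["version"]) for row in rows}

# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = """name,kind,version
lobby-cam,camera,4.75.43
dock-cam,camera,4.75.50
gate-cam,camera,4.75.62
yard-cam,camera,v4.74
protect-app,application,5.3.41
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```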
Read More: https://thecyberexpress.com/ubiquity-unifi-protect-flaws-cve-2025-23123/