CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23164
https://notcve.org/view.php?id=CVE-2025-23164
19 May 2025 — A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream subsequent to such link becoming disabled. • https://community.ui.com/releases/Security-Advisory-Bulletin-047-047/cef86c37-7421-44fd-b251-84e76475a5bc • CWE-284: Improper Access Control •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23116 – Ubiquiti Networks UniFi Console Missing Authentication for Critical Function Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-23116
01 Mar 2025 — An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge Devices enabled could allow a malicious actor with access to UniFi Protect Cameras adjacent network to take control of UniFi Protect Cameras. This vulnerability allows network-adjacent attackers to bypass authentication on affected Ubiquiti Networks UniFi Console devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of bridge device adoption requests. The i... • https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f • CWE-287: Improper Authentication •