{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-52665","assignerOrgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","state":"PUBLISHED","assignerShortName":"hackerone","dateReserved":"2025-06-18T15:00:00.895Z","datePublished":"2025-10-30T23:30:28.329Z","dateUpdated":"2025-10-31T14:07:27.850Z"},"containers":{"cna":{"descriptions":[{"lang":"en","value":"A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. \n \nAffected Products:\nUniFi Access Application (Version 3.3.22 through 3.4.31). 
 \n\nMitigation:\nUpdate your UniFi Access Application to Version 4.0.21 or later."}],"affected":[{"defaultStatus":"unaffected","vendor":"Ubiquiti Inc","product":"UniFi Access Application","versions":[{"version":"3.3.22","status":"affected","lessThanOrEqual":"3.4.31","versionType":"semver"}]}],"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-056/ce97352d-91cd-40a7-a2f4-2c73b3b30191"}],"providerMetadata":{"orgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","shortName":"hackerone","dateUpdated":"2025-10-30T23:30:28.329Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-306","lang":"en","description":"CWE-306 Missing Authentication for Critical Function"}]}],"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":10,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-10-31T14:05:32.616691Z","id":"CVE-2025-52665","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-31T14:07:27.850Z"}}]}}