anonhaven
Ad

CVE-2019-25652

HIGH CVSS 4.0: 7.7
Updated Mar 27, 2026
Unifi
Parameter Value
CVSS 7.7 (HIGH)
Affected Versions before 5.10.22
Type CWE-295 (Improper Certificate Validation)
Vendor Unifi
Public PoC No

UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.

Attack Parameters

Attack Vector
Adjacent
Requires local network access
Attack Complexity
High
Difficult to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-295 Improper Certificate Validation

References 2

https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2…
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/unifi-network-controller-improper-certific…
disclosure@vulncheck.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-22559

Unifi

8.8

CVE-2026-22558

Unifi

7.7

CVE-2026-22557

Unifi

10.0

CVE-2025-23119

Unifi

7.5

CVE-2025-23118

Unifi

6.4