Which Ubiquiti UniFi Access products are affected by CVE-2025-27212?

The vulnerability impacts six UniFi Access product lines: UniFi Access Reader Pro (version 2.14.21 and earlier), UniFi Access G2 Reader Pro (version 1.10.32 and earlier), UniFi Access G3 Reader Pro (version 1.10.30 and earlier), UniFi Access Intercom (version 1.7.28 and earlier), UniFi Access G3 Intercom (version 1.7.29 and earlier), and UniFi Access Intercom Viewer (version 1.3.20 and earlier).

How does the Ubiquiti UniFi Access vulnerability work?

The vulnerability exploits inadequate input validation controls in the UniFi Access management network. Authenticated attackers who have access to the UniFi Access management network can execute arbitrary commands on vulnerable devices through command injection techniques.

What firmware updates fix the Ubiquiti UniFi Access vulnerability?

Ubiquiti has released firmware updates for all affected products: UniFi Access Reader Pro version 2.15.9 or later, UniFi Access G2 Reader Pro version 1.11.23 or later, UniFi Access G3 Reader Pro version 1.11.22 or later, UniFi Access Intercom version 1.8.22 or later, UniFi Access G3 Intercom version 1.8.22 or later, and UniFi Access Intercom Viewer version 1.4.39 or later.

What is the CVSS score for the Ubiquiti UniFi Access vulnerability?

CVE-2025-27212 has a CVSS score of 9.8, which represents a critical severity level. This high score reflects the potential for complete compromise of access control systems through the command injection vulnerability.

What temporary mitigation is available for the Ubiquiti vulnerability?

As a temporary mitigation measure, organizations should isolate the Access management networks from the rest of the corporate networks. This helps limit the potential attack surface while organizations work to apply the firmware updates.

What access is required to exploit the Ubiquiti UniFi Access vulnerability?

The vulnerability requires authenticated access to the UniFi Access management network. While authentication is required, once an attacker has this access, they can execute arbitrary commands and potentially achieve complete compromise of the access control systems.

What are Ubiquiti UniFi Access devices used for?

Ubiquiti UniFi Access devices are physical access control systems that include card readers, intercoms, and related security hardware used to manage building access, door controls, and visitor communication systems in corporate and residential environments.

What is the potential impact of the Ubiquiti UniFi Access vulnerability?

The vulnerability could lead to complete compromise of access control systems, allowing attackers to execute arbitrary commands on vulnerable devices. This could potentially enable unauthorized building access, manipulation of door controls, interception of communications, and broader network infiltration.

How should organizations respond to the Ubiquiti UniFi Access vulnerability?

Organizations should immediately apply the available firmware updates to patch the vulnerability. As a temporary measure while updating, they should isolate Access management networks from corporate networks. Organizations should also review access controls to the UniFi Access management network to ensure only authorized personnel have access.

Advisory

Ubiquiti reports critical command injection flaw in UniFi Access devices

Q: What is the critical Ubiquiti UniFi Access vulnerability CVE-2025-27212?

CVE-2025-27212 is a critical command injection vulnerability affecting multiple UniFi Access devices with a CVSS score of 9.8. It allows authenticated attackers with access to the UniFi Access management network to execute arbitrary commands on vulnerable devices, potentially leading to complete compromise of access control systems.

published: July 18, 2025

Take action: If you have any computer network, make sure that the management network is isolated from the main corporate network. If you have Ubiquiti UniFi Access devices, plan a regular update cycle of the devices. If your management network isn't isolated, it's an urgent patch.

Learn More

Ubiquiti Networks is reporting a critical command injection vulnerability affecting multiple UniFi Access devices.

The vulnerability is tracked as CVE-2025-27212 (CVSS score 9.8) and allows authenticated attackers with access to the UniFi Access management network to execute arbitrary commands on vulnerable devices, potentially leading to complete compromise of access control systems. The vulnerability exploits inadequate input validation controls in the UniFi Access management network.

The vulnerability impacts six UniFi Access product lins:

UniFi Access Reader Pro - Version 2.14.21 and earlier
UniFi Access G2 Reader Pro - Version 1.10.32 and earlier
UniFi Access G3 Reader Pro - Version 1.10.30 and earlier
UniFi Access Intercom - Version 1.7.28 and earlier
UniFi Access G3 Intercom - Version 1.7.29 and earlier
UniFi Access Intercom Viewer - Version 1.3.20 and earlier

Ubiquiti has released firmware updates for all affected product lines:

UniFi Access Reader Pro version 2.15.9 or later
UniFi Access G2 Reader Pro version 1.11.23 or later
UniFi Access G3 Reader Pro version 1.11.22 or later
UniFi Access Intercom version 1.8.22 or later
UniFi Access G3 Intercom version 1.8.22 or later
UniFi Access Intercom Viewer version 1.4.39 or later

As a temporary mitigation measure, organizations should isolate the Access management networks from the rest of the corporate networks.

Ubiquiti reports critical command injection flaw in UniFi Access devices

Read More
Critical Ivanti vTM flaw now actively exploited
Oracle April 2026 Critical Patch Update Addresses 481 …
Cisco patches critical hardcoded credentials vulnerability in Unified …
Security flaws in Citrix Virtual Apps session recording …
Malware Actively Planted on Vulnerable Barracuda email gateways