Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2
Description
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Ubiquiti
PRODUCT: UniFi Connect EV Station Lite
AFFECTED_VERSIONS: See vendor advisory
CONFIDENCE: medium
MISSING: versions, patch, exploit_status
---END_METADATA---
Description Summary:
Improper input validation in the UniFi Connect EV Station Lite allows for command injection by remote attackers with network access to the device.
Executive Summary:
A critical command injection vulnerability in the Ubiquiti UniFi Connect EV Station Lite allows remote attackers to execute arbitrary commands, posing a severe risk of system compromise.
Vulnerability Details
CVE-ID: CVE-2025-24285
Affected Software: Ubiquiti UniFi Connect EV Station Lite
Affected Versions: See vendor advisory
Vulnerability: The vulnerability stems from multiple improper input validation flaws that allow an attacker with network access to perform command injection. This bypasses security controls and potentially grants the attacker control over the underlying operating system.
Business Impact
With a CVSS score of 9.8, this vulnerability represents a critical risk of full system compromise, including unauthorized data access or the use of the device as a pivot point in the network. Such an exploit could lead to significant reputational damage, service outages, and the potential for lateral movement within the corporate network.
Remediation Plan
Immediate Action: Update the UniFi Connect EV Station Lite firmware to the latest version immediately to patch the input validation flaws.
Proactive Monitoring: Review system and network logs for evidence of command execution attempts or anomalous traffic patterns originating from or directed toward the charging station.
Compensating Controls: Implement strict network segmentation and utilize a Web Application Firewall (WAF) or Intrusion Detection System (IDS) to inspect and block malicious input strings targeting the device.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Aug 21, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical nature of command injection vulnerabilities, it is imperative to apply vendor-supplied patches immediately. Organizations must ensure that these devices are not exposed to untrusted networks until the remediation is verified.