CVE-2025-27217

Ubiquiti · UISP Application

The UISP Application contains a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated users to make unauthorized requests outside the application's intended scope.

Executive summary

An SSRF vulnerability in the Ubiquiti UISP Application allows malicious actors with specific permissions to perform unauthorized requests, potentially exposing internal network resources.

Vulnerability

This is a Server-Side Request Forgery (SSRF) vulnerability where an authenticated attacker with specific permissions can force the application to make requests to unintended internal or external destinations.

Business impact

This vulnerability could be leveraged to bypass network segmentation, probe internal services, or interact with sensitive APIs that are not exposed to the public internet. With a CVSS score of 9.1, the vulnerability is rated critical because it facilitates unauthorized access to internal resources, potentially leading to data theft or further network compromise.

Remediation

Immediate Action: Update the UISP Application to the latest version provided by Ubiquiti to address the SSRF flaw.

Proactive Monitoring: Audit application logs for unusual outbound requests from the UISP server to internal subnets or unauthorized external endpoints.

Compensating Controls: Implement strict egress filtering on the server hosting the UISP application to prevent it from initiating connections to sensitive internal network segments.
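As an added illustration of the "Proactive Monitoring" item above (example code, not Ubiquiti's or UISP's own), the Python below scans a constructed outbound-request log for destinations in loopback, private or link-local ranges that are not on an allowlist of hosts the UISP server is expected to reach; the log format and the allowlist are assumptions for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample of an outbound-request log as a forward proxy or the
# application might emit it; NOT UISP's real log format (assumption).
SAMPLE_LOG = """\
2025-03-10T12:00:01Z user=alice url=https://api.example.com/v1/status dst=93.184.216.34
2025-03-10T12:00:05Z user=alice url=http://10.0.0.5:8080/admin dst=10.0.0.5
2025-03-10T12:00:09Z user=bob url=http://169.254.169.254/latest/meta-data/ dst=169.254.169.254
2025-03-10T12:00:12Z user=bob url=http://localhost:9000/ dst=127.0.0.1
2025-03-10T12:00:15Z user=carol url=https://192.168.1.20/api dst=192.168.1.20
"""

# Hypothetical allowlist: the subnet holding devices UISP legitimately manages.
EXPECTED_INTERNAL = [ipaddress.ip_network("192.168.1.0/24")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) url=(?P<url>\S+) dst=(?P<dst>\S+)$"
)


def is_sensitive(addr: str) -> bool:
    """True for loopback, RFC 1918 / ULA and link-local (cloud metadata) space."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_private or ip.is_link_local


def flag_suspicious(log_text: str, allowlist=EXPECTED_INTERNAL) -> list:
    """Return (user, requested host, resolved destination) for each request
    from the UISP host to a sensitive address outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real job would count these
        dst = m["dst"]
        if not is_sensitive(dst):
            continue
        if any(ipaddress.ip_address(dst) in net for net in allowlist):
            continue
        findings.append((m["user"], urlsplit(m["url"]).hostname, dst))
    return findings


if __name__ == "__main__":
    for user, host, dst in flag_suspicious(SAMPLE_LOG):
        print(f"ALERT user={user} requested {host} -> {dst}")
```

The `dst` field matters more than the URL host: an SSRF payload may use a hostname that resolves to an internal address, so alert on the connected-to IP rather than the name the request asked for.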

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

An authenticated user's ability to perform SSRF significantly expands the attack surface of the internal network. Administrators should apply the latest security updates provided by the vendor to remediate this vulnerability and limit the potential for lateral movement.