CVE-2026-22557

Ubiquiti · UniFi Network Application

A path traversal vulnerability in UniFi Network Application allows network-based attackers to access and manipulate sensitive system files. This can lead to unauthorized account access.

Executive summary

A critical path traversal vulnerability in the UniFi Network Application allows attackers with network access to compromise underlying system files and gain unauthorized account control.

Vulnerability

This vulnerability is a Path Traversal flaw that permits a malicious actor with network access to bypass directory restrictions. By crafting specific requests, an attacker can read or manipulate files on the host operating system, potentially leading to the compromise of administrative credentials or session tokens.

Business impact

The impact of this vulnerability is severe, as reflected by its CVSS score of 10.0. An attacker could gain full administrative control over the UniFi Network Application, leading to unauthorized network configuration changes, data exfiltration, or the disruption of entire corporate network infrastructures. This represents a total loss of confidentiality, integrity, and availability for the affected management platform.

Remediation

Immediate Action: Update the UniFi Network Application to the latest patched version provided by Ubiquiti.

Proactive Monitoring: Review system and application logs for suspicious file access patterns or directory traversal sequences (e.g., "../") in HTTP requests.
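A small log-review helper for the traversal check described above, added here as an example; it is not part of this advisory or of Ubiquiti's software. It assumes a Common Log Format style access log. The log lines, client addresses and request paths are constructed for the example and are placeholders, not real UniFi endpoints or observed traffic. It goes a step beyond a literal "../" search: the request path is percent-decoded repeatedly (so single and double encoding are covered) and backslashes are folded to slashes before looking for a ".." directory segment, since all of those spellings reach the same parent directory.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format: client, timestamp,
# request line, status). Addresses and paths are placeholders for the example.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Feb/2026:10:00:01 +0000] "GET /manage/account/login HTTP/1.1" 200
10.0.0.7 - - [01/Feb/2026:10:00:02 +0000] "GET /static/../../../../etc/passwd HTTP/1.1" 200
10.0.0.7 - - [01/Feb/2026:10:00:03 +0000] "GET /static/%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404
10.0.0.9 - - [01/Feb/2026:10:00:04 +0000] "GET /static/..%252f..%252fetc/passwd HTTP/1.1" 404
10.0.0.5 - - [01/Feb/2026:10:00:05 +0000] "GET /api/s/default/stat/device HTTP/1.1" 200
10.0.0.9 - - [01/Feb/2026:10:00:06 +0000] "GET /static/..\\..\\windows\\win.ini HTTP/1.1" 403
"""

# Pulls the fields we need out of one CLF line.
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." that forms a whole path segment, i.e. preceded by start-of-path or "/"
# and followed by "/" or end-of-path. A file called "notes..txt" will not match.
TRAVERSAL_RE = re.compile(r'(?:^|/)\.\.(?:/|$)')


def normalize_path(raw_target: str, max_rounds: int = 3) -> str:
    """Drop the query string, percent-decode until stable (catches double
    encoding such as %252f), and fold backslashes into forward slashes."""
    path = raw_target.split('?', 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace('\\', '/')


def is_traversal(raw_target: str) -> bool:
    """True when the normalized request path contains a '..' segment."""
    return bool(TRAVERSAL_RE.search(normalize_path(raw_target)))


def scan_log(text: str) -> list[dict]:
    """Return one record per log line whose request path looks like traversal."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # malformed or non-CLF line; skip rather than guess
        if is_traversal(m['target']):
            hits.append({
                'client': m['client'],
                'ts': m['ts'],
                'target': m['target'],
                'status': m['status'],
            })
    return hits


def clients_by_attempts(hits: list[dict]) -> dict:
    """Count flagged requests per client so repeat offenders stand out."""
    counts: dict = {}
    for h in hits:
        counts[h['client']] = counts.get(h['client'], 0) + 1
    return counts


if __name__ == '__main__':
    flagged = scan_log(SAMPLE_LOG)
    for h in flagged:
        print(f"{h['ts']} {h['client']} {h['status']} {h['target']}")
    print('attempts per client:', clients_by_attempts(flagged))
```

Only the request path is inspected; a ".." in the query string is discarded before matching, so extend `normalize_path` if the application being monitored takes file names through query parameters. The status code is kept in each record on purpose: a flagged request that returned 200 deserves a closer look than one that was rejected.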

Compensating Controls: Restrict access to the UniFi Network Application management interface to trusted internal IP addresses or a dedicated management VPN.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Given the CVSS score of 10.0, this vulnerability should be treated as a top priority for security teams. Immediate application of the vendor-supplied update is the only effective way to mitigate the risk of full system compromise. Ensure that management interfaces are never exposed directly to the public internet.