CVE-2025-27214
Ubiquiti · UniFi Connect EV Station Pro
A missing authentication vulnerability in the UniFi Connect EV Station Pro allows unauthorized parties with physical or adjacent network access to perform a factory reset.
Executive summary
A missing-authentication vulnerability in the Ubiquiti UniFi Connect EV Station Pro lets an attacker with physical access to the unit, or access from an adjacent network segment, trigger a factory reset without authenticating. The page rates it critical; the practical consequence is a wiped, unconfigured charging station and the downtime needed to re-adopt and reconfigure it.
Vulnerability
This vulnerability is categorized as Missing Authentication for Critical Function (CWE-306). The factory-reset function can be invoked by an attacker who has physical access to the station or who is on an adjacent network (the same physical or logical segment as the device) without any prior authentication. No credentials, session or user interaction are required.
Business impact
An unauthorized factory reset of an EV charging station is a direct availability attack: the unit loses its configuration, drops out of management, and stays out of service until it is re-adopted and reconfigured. Intentional sabotage is therefore cheap for anyone who can reach the device or its network segment. The page lists a CVSS score of 9.8; note that under CVSS v3.1 a 9.8 base score implies a network attack vector, whereas an adjacent (AV:A) or physical (AV:P) vector caps the base score at 8.8 or 6.8 respectively, so confirm the vector string against the vendor advisory before using the score for prioritization. Regardless of the exact number, the operational risk of an unauthenticated reset on charging infrastructure is high.
Remediation
Immediate Action: Identify all deployed UniFi Connect EV Station Pro units (including ones not currently adopted by a controller) and apply the firmware update from Ubiquiti as soon as it is available. Until then, rely on the compensating controls below.
Proactive Monitoring: Alert on factory-reset, reboot and adoption-state changes for EV Station hardware that are not preceded by an authorized administrator session from an approved management host, and on any management traffic to the stations originating from outside the management network.
Compensating Controls: Restrict physical access to the units themselves, not just to their management interfaces, since the reset can be triggered by someone at the device. Place the stations on a dedicated, isolated VLAN that only the UniFi controller and designated management hosts can reach; because "adjacent" means the attacker must share the station's network segment, keeping untrusted hosts (including guest and customer Wi-Fi) off that segment removes the network-side path.
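The monitoring control above is easiest to apply as a correlation rule: a factory-reset event is expected only when an authorized administrator logged in from an approved management host shortly before it. The following Python is an added example of that rule, not code from the page or from Ubiquiti. The log format, hostnames, event names and addresses are constructed for the example and are assumptions; map the parser to whatever your syslog or SIEM actually emits for these stations.

```python
"""Flag factory-reset events on EV charging stations that no authorized
management session explains (added example; log schema is an assumption)."""
import re
from datetime import datetime, timedelta

# Constructed sample log: "<ts> <host> <event> key=value ...". This is NOT
# UniFi's real syslog format; it stands in for whatever your collector sees.
SAMPLE_LOG = """\
2025-03-10T08:00:12Z ev-station-01 mgmt.login user=admin src=10.0.10.5 result=success
2025-03-10T08:02:40Z ev-station-01 device.factory_reset initiator=controller src=10.0.10.5
2025-03-10T13:17:03Z ev-station-02 device.factory_reset initiator=unknown src=10.0.20.77
2025-03-10T13:17:04Z ev-station-02 device.reboot reason=factory_reset
2025-03-10T15:30:00Z ev-station-03 device.factory_reset initiator=button
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_line(line):
    """Parse one log line into ts/host/event plus a dict of key=value fields."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, event, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "host": host,
        "event": event,
        "fields": fields,
    }


def find_unauthorized_resets(log_text, allowed_mgmt_hosts, window=timedelta(minutes=15)):
    """Return reset events that lack an approved source or a recent admin login.

    A reset is considered explained only if (a) its source address is an
    approved management host and (b) a successful login from that same source
    to the same station occurred within `window` before the reset.
    Physical (button) resets carry no src and are therefore always flagged.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    logins = [
        e for e in events
        if e["event"] == "mgmt.login" and e["fields"].get("result") == "success"
    ]
    findings = []
    for ev in events:
        if ev["event"] != "device.factory_reset":
            continue
        src = ev["fields"].get("src")
        recent_login = any(
            l["host"] == ev["host"]
            and l["fields"].get("src") == src
            and 0 <= (ev["ts"] - l["ts"]).total_seconds() <= window.total_seconds()
            for l in logins
        )
        reasons = []
        if src not in allowed_mgmt_hosts:
            reasons.append(f"source {src or 'n/a'} is not an approved management host")
        if not recent_login:
            minutes = int(window.total_seconds() // 60)
            reasons.append(f"no successful admin login from {src or 'n/a'} within {minutes} min")
        if reasons:
            findings.append({"host": ev["host"], "ts": ev["ts"].isoformat(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    # 10.0.10.5 is the assumed address of the UniFi controller / management host.
    for f in find_unauthorized_resets(SAMPLE_LOG, {"10.0.10.5"}):
        print(f["ts"], f["host"], "; ".join(f["reasons"]))
```

Run against the constructed log, the rule clears ev-station-01 (reset issued from the controller two minutes after an admin login) and flags ev-station-02 (reset from an unapproved address with no login) and ev-station-03 (button-initiated reset with no management session at all). The last case is the physical-access variant of this CVE; nothing on the network can prevent it, which is why the alert should page someone rather than only be logged.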
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability warrants immediate attention because it allows an unauthenticated party to take charging hardware out of service. Apply the vendor firmware fix as soon as Ubiquiti releases it; until then, treat physical access control and network segmentation of the stations as the primary defenses, and alert on any reset or re-adoption that no authorized administrator initiated.