Thursday, May 22, 2025

Ubiquiti UniFi Protect Camera Vulnerability Allows Remote Code Execution by Attackers


Critical security vulnerabilities in Ubiquiti's UniFi Protect surveillance ecosystem, one of them rated the maximum CVSS score of 10.0, could allow attackers to hijack cameras, execute code on them remotely, and retain unauthorized access to video feeds.

The flaws, disclosed on May 6, 2025, affect UniFi Protect Cameras firmware and the UniFi Protect Application, exposing both enterprise and residential surveillance deployments.

Security researchers have urged immediate patching to reduce the risk of network compromise and privacy breaches.


The most severe vulnerability, tracked as CVE-2025-23123, stems from a heap buffer overflow in the firmware of UniFi Protect Cameras (versions 4.75.43 and earlier).

An attacker with access to the management network can exploit the flaw to achieve remote code execution (RCE), gaining full control of the affected camera.

The vulnerability's CVSS v3.0 base score of 10.0 reflects its criticality: the attack vector is network-based (AV:N) and exploitation requires neither privileges nor user interaction (PR:N/UI:N). A base score of 10.0 is only reachable with changed scope (S:C), meaning a successful exploit affects components beyond the camera itself.

A heap buffer overflow occurs when a program writes past the end of a heap-allocated region, corrupting adjacent allocations and the allocator's own metadata.

In this case, malformed packets sent to the camera's management interface overrun a buffer, letting an attacker overwrite adjacent memory and ultimately divert the program's control flow.
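The pattern described above, as an added illustration in C written for this page (constructed by the editor, not UniFi Protect firmware or any Ubiquiti code; the message layout, the 64-byte buffer size and all function names are assumptions): a receiver that trusts a length field in the packet header and copies into a fixed-size heap buffer, next to a version that checks the declared length against both the allocation and the bytes actually received before copying.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed example, not UniFi Protect firmware. Hypothetical management
 * message: 1-byte type, 2-byte big-endian payload length, then the payload.
 * The receiver copies the payload into a fixed 64-byte heap allocation; the
 * length field is attacker-controlled. */
#define PAYLOAD_MAX 64

struct msg {
    uint8_t  type;
    uint8_t *payload;   /* heap buffer of PAYLOAD_MAX bytes */
    size_t   len;
};

static uint16_t read_be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* VULNERABLE: trusts the declared length. A packet claiming len > PAYLOAD_MAX
 * makes memcpy write past the 64-byte allocation (heap buffer overflow), and a
 * packet shorter than it claims also makes memcpy read past the packet. */
int parse_msg_vulnerable(const uint8_t *pkt, size_t pkt_len, struct msg *out)
{
    if (pkt_len < 3) return -1;
    out->type = pkt[0];
    out->len  = read_be16(pkt + 1);
    out->payload = malloc(PAYLOAD_MAX);
    if (!out->payload) return -1;
    memcpy(out->payload, pkt + 3, out->len);    /* no bound check */
    return 0;
}

/* HARDENED: the declared length is checked against both the allocation size
 * and the bytes actually received before anything is copied. */
int parse_msg_hardened(const uint8_t *pkt, size_t pkt_len, struct msg *out)
{
    if (pkt_len < 3) return -1;
    size_t len = read_be16(pkt + 1);
    if (len > PAYLOAD_MAX) return -2;           /* would overflow the heap buffer */
    if (len > pkt_len - 3) return -3;           /* claims more bytes than received */
    out->type = pkt[0];
    out->len  = len;
    out->payload = malloc(PAYLOAD_MAX);
    if (!out->payload) return -1;
    memcpy(out->payload, pkt + 3, len);
    return 0;
}

void free_msg(struct msg *m)
{
    free(m->payload);
    m->payload = NULL;
}

/* Builds a constructed packet whose header claims `claimed` payload bytes but
 * which actually carries `actual` bytes of filler. Returns the total length. */
size_t build_pkt(uint8_t *buf, size_t buf_sz, uint8_t type,
                 uint16_t claimed, size_t actual)
{
    if (buf_sz < 3 + actual) return 0;
    buf[0] = type;
    buf[1] = (uint8_t)(claimed >> 8);
    buf[2] = (uint8_t)(claimed & 0xff);
    memset(buf + 3, 0x41, actual);
    return 3 + actual;
}

/* Feeds a constructed packet to the chosen parser and returns its result.
 * The vulnerable parser must only be given in-bounds input; handing it an
 * oversized claim is the overflow itself (undefined behaviour). */
int parse_constructed(int hardened, uint16_t claimed, size_t actual)
{
    uint8_t pkt[2048];
    struct msg m = {0};
    size_t n = build_pkt(pkt, sizeof pkt, 0x01, claimed, actual);
    if (n == 0) return -4;
    int rc = hardened ? parse_msg_hardened(pkt, n, &m)
                      : parse_msg_vulnerable(pkt, n, &m);
    free_msg(&m);
    return rc;
}

int main(void)
{
    printf("valid 16-byte payload, hardened: %d\n", parse_constructed(1, 16, 16));
    printf("claims 512 bytes, hardened:      %d\n", parse_constructed(1, 512, 512));
    printf("claims 40, sends 8, hardened:    %d\n", parse_constructed(1, 40, 8));
    return 0;
}
```

The two checks in the hardened parser are independent: the first stops the heap write overflow, the second stops an over-read of the received packet. Fixes for bugs of this class typically land exactly there, between reading the length field and the copy.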

Successful exploitation could allow malware to be deployed on the camera, video feeds to be manipulated, or the device to be used as a foothold for lateral movement into connected networks.

The flaw's "high" ratings for confidentiality, integrity and availability impact (C:H/I:H/A:H) underscore its potential to disrupt physical security infrastructure.

Researcher Mathew Marcus, credited with discovering the vulnerability, emphasized that unpatched cameras in corporate or critical infrastructure environments could serve as entry points for ransomware attacks or espionage.

Ubiquiti has not disclosed whether active exploitation has been observed, but the low attack complexity (AC:L) means the barrier for threat actors is low.

Misconfigured Livestream Sharing Tokens

A second vulnerability, CVE-2025-23164 (CVSS 4.4), affects the UniFi Protect Application (versions 5.3.41 and earlier).

The flaw resides in the "Share Livestream" feature, which generates time-limited access links that can be handed to people outside the system.

Because of a misconfigured access-token mechanism, recipients of a link that the owner has since disabled retain access to the livestream instead of being cut off.

While far less severe than the RCE flaw, this oversight creates a persistent privacy risk, particularly for organizations that share sensitive footage.

Exploitation requires that the attacker already hold a previously valid livestream link (the vector rates the privileges required as high, PR:H) and hinges on the application's failure to invalidate the token when the link is disabled.

Although attack complexity is rated high (AC:H), successful exploitation lets an unauthorized party keep watching a feed covertly.

Researcher Mike S Schonert noted that threat actors could combine this flaw with social engineering to harvest valid links, amplifying the risk of data leaks.

Unlike the network-wide implications of CVE-2025-23123, this vulnerability's scope is limited to the shared livestreams themselves (S:U).

Even so, sectors such as healthcare and education, where video feeds often contain sensitive personal data, face heightened exposure.

Ubiquiti's advisory states that the flaw does not grant access to historical footage or other system components, which limits its broader impact.

Mitigation and Vendor Response

Ubiquiti has released updates for both vulnerabilities. UniFi Protect Cameras must be upgraded to firmware 4.75.62 or later to resolve CVE-2025-23123, and the UniFi Protect Application to version 5.3.45 or later to fix CVE-2025-23164.
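An added audit helper in C (editor's example, not Ubiquiti tooling; the device inventory is constructed sample data, the fixed versions are the ones quoted in this article) that compares installed UniFi Protect versions numerically against the fixed releases. The numeric comparison is the point: a plain string compare ranks 4.75.7 above 4.75.62 and would report a vulnerable camera as patched.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added audit helper, not Ubiquiti tooling. Fixed versions are the ones the
 * advisory quotes; the inventory below is constructed sample data. Versions
 * are compared field by field as numbers, because a string compare ranks
 * "4.75.7" above "4.75.62". */
#define CAMERA_FIXED "4.75.62"   /* CVE-2025-23123, UniFi Protect Cameras */
#define APP_FIXED    "5.3.45"    /* CVE-2025-23164, UniFi Protect Application */

/* Parses up to four dot-separated numeric fields into out[]; missing fields
 * are 0. Returns the field count, or -1 if the string is not a version. */
int parse_version(const char *s, long out[4])
{
    int n = 0;
    for (int i = 0; i < 4; i++) out[i] = 0;
    while (*s && n < 4) {
        char *end;
        long v = strtol(s, &end, 10);
        if (end == s || v < 0) return -1;       /* no digits, or a '-' sign */
        out[n++] = v;
        if (*end == '\0') break;
        if (*end != '.') return -1;             /* junk after a field */
        s = end + 1;
    }
    return n;
}

/* 1 = installed is older than the fixed version (patch it),
 * 0 = installed is at or beyond the fix, -1 = either string is unparseable. */
int needs_patch(const char *installed, const char *fixed)
{
    long vi[4], vf[4];
    if (parse_version(installed, vi) < 0 || parse_version(fixed, vf) < 0) return -1;
    for (int i = 0; i < 4; i++) {
        if (vi[i] < vf[i]) return 1;
        if (vi[i] > vf[i]) return 0;
    }
    return 0;
}

struct device { const char *name; const char *kind; const char *version; };

/* Constructed inventory; names and version strings are sample data. */
static const struct device inventory[] = {
    { "cam-lobby",   "camera", "4.75.43" },
    { "cam-dock",    "camera", "4.75.7"  },
    { "cam-garage",  "camera", "4.75.62" },
    { "protect-nvr", "app",    "5.3.41"  },
    { "protect-ck",  "app",    "5.3.45"  },
};

/* Prints one line per device and returns how many are still exposed. */
int audit_inventory(void)
{
    int exposed = 0;
    for (size_t i = 0; i < sizeof inventory / sizeof inventory[0]; i++) {
        const struct device *d = &inventory[i];
        int is_cam = strcmp(d->kind, "camera") == 0;
        const char *fixed = is_cam ? CAMERA_FIXED : APP_FIXED;
        const char *cve   = is_cam ? "CVE-2025-23123" : "CVE-2025-23164";
        int r = needs_patch(d->version, fixed);
        if (r == 1) {
            printf("%-12s %-7s %-8s VULNERABLE to %s, upgrade to %s\n",
                   d->name, d->kind, d->version, cve, fixed);
            exposed++;
        } else if (r == 0) {
            printf("%-12s %-7s %-8s ok\n", d->name, d->kind, d->version);
        } else {
            printf("%-12s %-7s %-8s unparseable version, check manually\n",
                   d->name, d->kind, d->version);
        }
    }
    return exposed;
}

int main(void)
{
    int n = audit_inventory();
    printf("%d device(s) still exposed\n", n);
    return n > 0;
}
```

Swap the constructed inventory for an export from the Protect console and the non-zero exit status makes the check usable as a gate in a nightly job.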

The patches, distributed through Ubiquiti's auto-update mechanism, change memory handling in the camera firmware and tighten token revocation and expiry handling in the Protect Application.

Organizations that cannot update immediately should segment surveillance networks from critical infrastructure, restrict access to the camera management interface, and audit active livestream links, disabling any that are no longer needed.

Ubiquiti has also recommended disabling the "Share Livestream" feature until patches are deployed, though this may hinder collaboration in security operations centers.

There is no workaround for the RCE vulnerability, but exploiting it requires network access to the management network (AV:N), so cameras should never be reachable from untrusted segments or the internet.

Enterprises should apply zero-trust principles: require multi-factor authentication for network access and monitor for anomalous traffic to and from camera segments.

Fixes were released alongside the advisories, reflecting coordinated disclosure between Ubiquiti and the external researchers to minimize the exposure window.

As surveillance systems increasingly integrate with IoT ecosystems, these vulnerabilities underscore the importance of firmware hygiene.

With over 1.2 million UniFi Protect devices deployed globally, timely patching remains the most effective defense against weaponized exploits targeting physical and digital security infrastructure.
