{"id":"CVE-2025-52665","details":"A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. \n \nAffected Products:\nUniFi Access Application (Version 3.3.22 through 3.4.31). \u2028 \n\nMitigation:\nUpdate your UniFi Access Application to Version 4.0.21 or later.","modified":"2026-04-10T05:30:43.168930Z","published":"2025-10-31T00:15:37Z","references":[{"type":"ADVISORY","url":"https://community.ui.com/releases/Security-Advisory-Bulletin-056/ce97352d-91cd-40a7-a2f4-2c73b3b30191"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.3.22"},{"fixed":"4.0.21"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-52665.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}