Ubiquiti closes critical command injection vulnerability in UniFi Access devices

Date: Tuesday, August 5, 2025 - Source: Klikonline (based on Security.NL)

Network manufacturer Ubiquiti has patched a very serious security vulnerability in several UniFi Access devices. UniFi Access is a solution that unlocks doors via NFC, PIN, app and facial recognition, among others (Security.co.uk).

The vulnerability, registered as CVE-2025-27212, was rated 9.8 on a scale of 1 to 10, a near-maximum urgency (Security.nl). Attackers with access to the affected network could execute rogue commands on devices such as the UniFi Access Reader Pro (and variants), the Access Intercom series and the Intercom Viewer (Security.nl, CyberSecurity News).

The German government urges organizations and users to install the offered security updates immediately (Security.co.uk).

Context & what you need to know

  • What is command injection?
    An attack in which an attacker exploits unvalidated input to execute commands on the device, in this case with consequences for physical access control.
  • Why is it critical?
    Because these are systems that unlock doors, misuse can lead to unauthorized access to buildings.
  • Recommended actions:
    • Update all affected devices to the latest firmware immediately.
    • Consider network segmentation: keep management networks strictly separated from other networks to reduce impact.
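
The "What is command injection?" definition above, shown as an added Python example that is not from the article and is not Ubiquiti's code. The article gives no technical detail of CVE-2025-27212, so the "device label" handler, the function names and the input are hypothetical, and `echo` stands in for a real device command.

```python
import re
import subprocess

# Hypothetical allow-list for a device label: letters, digits, '-' and '_' only.
LABEL_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Constructed input: a label followed by a shell separator and a harmless marker.
CONSTRUCTED_INPUT = "door-1; echo INJECTED"


def set_label_vulnerable(label: str) -> str:
    """Flawed pattern: the command line is built by string concatenation."""
    # The shell parses the whole string, so metacharacters inside `label`
    # are interpreted as shell syntax instead of being treated as data.
    result = subprocess.run("echo label=" + label, shell=True,
                            capture_output=True, text=True, timeout=5)
    return result.stdout


def run_without_shell(label: str) -> str:
    """No shell involved: `label` is one argv element and stays plain data."""
    result = subprocess.run(["echo", "label=" + label],
                            capture_output=True, text=True, timeout=5, check=True)
    return result.stdout


def set_label_hardened(label: str) -> str:
    """Two layers: allow-list validation first, then execution without a shell."""
    if not LABEL_RE.fullmatch(label):
        raise ValueError("label rejected by allow-list")
    return run_without_shell(label)


if __name__ == "__main__":
    print("vulnerable:", set_label_vulnerable(CONSTRUCTED_INPUT).splitlines())
    print("no shell  :", run_without_shell(CONSTRUCTED_INPUT).splitlines())
    try:
        set_label_hardened(CONSTRUCTED_INPUT)
    except ValueError as exc:
        print("hardened  :", exc)
```

In the vulnerable variant the marker appears as the output of a second command; without a shell the same input is echoed back as one literal string, and the allow-list rejects it before anything runs.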

Response from the community:

"A worrying vulnerability... that such a fundamental flaw in input validation in access security occurs indicates that security-by-design is still not a given..."
- The-Real-C at Security.NL

Summary: This vulnerability poses a direct threat to both digital and physical security. Update your devices quickly and take additional security measures to prevent misuse.