
CVSS 10.0 Vulnerability Found in Ubiquity UniFi Protect Cameras

Ubiquiti has disclosed two security vulnerabilities affecting its widely used video surveillance platform, UniFi Protect. One of the flaws, now assigned the identifier CVE-2025-23123, has been rated as critical with a maximum CVSS score of 10.0. Both issues have been addressed in recent firmware and application updates, and the company is urging users to install these patches without delay.

The vulnerabilities were detailed in Security Advisory Bulletin 047, published by Ubiquiti on May 6, 2025. According to the bulletin, attackers who gain access to the management network of Ubiquiti UniFi Protect systems could exploit the flaws to execute malicious code or retain unauthorized access to video livestreams, even after sharing links are supposedly disabled.

CVE-2025-23123: Critical Remote Code Execution Vulnerability

The more severe of the two issues, CVE-2025-23123, affects UniFi Protect Cameras running firmware version 4.75.43 and earlier. This vulnerability allows a remote attacker with internal network access to trigger a heap-based buffer overflow, enabling the execution of arbitrary code. The flaw is classified as a Remote Code Execution (RCE) threat and poses cybersecurity risks for enterprise environments. 

“This vulnerability is especially dangerous because of its low complexity and the absence of user interaction needed to exploit it,” Ubiquiti noted.

The CVSS v3.0 vector for this flaw is AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (Attack Vector: Network, Attack Complexity: Low, Privileges Required: None, User Interaction: None, Scope: Changed, Confidentiality/Integrity/Availability impact: High), which confirms that the vulnerability can be exploited over the network without authentication or user intervention, and that a successful exploit can affect components beyond the camera itself.

Persistent Livestream Access

The second vulnerability, identified as CVE-2025-23164, affects the Ubiquiti UniFi Protect Application version 5.3.41 and earlier. This flaw stems from a misconfigured access token mechanism, which could allow a user to retain access to a livestream after the original “Share Livestream” link has been disabled.

Though this vulnerability is rated as medium with a CVSS score of 4.4, it still poses privacy and surveillance concerns, especially for users sharing security camera access. Ubiquiti attributes this discovery to security researcher Mike S. Schonert and has resolved the issue in version 5.3.45 of the UniFi Protect application.

Updates and Fixes Released

To address these vulnerabilities, Ubiquiti has released the following updates:

  • UniFi Protect Cameras 4.75.62: This update resolves the critical RCE issue and includes performance enhancements like improved Talk Back resiliency and more accurate vehicle detection for G6 models. A bug causing failure in spotlight activation after target detection was also fixed.
  • UniFi Protect Application 5.3.45: Alongside the security patch, this version includes improvements to cloud archiving UX, doorbell volume controls, and a bug fix for incorrect camera reassignment following an AI port restart.
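A practical follow-up to an advisory like this is to audit a device inventory against the affected and fixed versions. The script below is an added example, not code from the article or from Ubiquiti; the version thresholds are the ones quoted above, while the inventory, device names and the `audit` helper are constructed for illustration. It compares versions numerically, which matters because a plain string comparison would judge a firmware such as "4.75.9" to be newer than "4.75.43" and wrongly report it as patched. Versions that fall between the last version stated as affected and the first version stated as fixed are reported as "unverified" rather than guessed either way, since the page does not say how they are treated.

```python
import re

# Affected / fixed versions as stated in the article's summary of Security Advisory Bulletin 047.
ADVISORY = {
    "CVE-2025-23123": {"product": "camera", "affected_up_to": "4.75.43", "fixed_in": "4.75.62"},
    "CVE-2025-23164": {"product": "application", "affected_up_to": "5.3.41", "fixed_in": "5.3.45"},
}


def version_key(version: str) -> tuple:
    """Turn '4.75.43' into (4, 75, 43) so comparisons are numeric, not lexicographic."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def status_for(cve: str, version: str) -> str:
    """'affected', 'fixed', or 'unverified' (between the two thresholds) for one CVE."""
    entry = ADVISORY[cve]
    v = version_key(version)
    if v <= version_key(entry["affected_up_to"]):
        return "affected"
    if v >= version_key(entry["fixed_in"]):
        return "fixed"
    return "unverified"


def audit(inventory: list) -> dict:
    """Map each device name to a list of (CVE, status) for the CVEs that apply to its product type."""
    report = {}
    for device in inventory:
        findings = []
        for cve, entry in ADVISORY.items():
            if entry["product"] == device["product"]:
                findings.append((cve, status_for(cve, device["version"])))
        report[device["name"]] = findings
    return report


def needs_update(inventory: list) -> list:
    """Names of devices with at least one finding that is not confirmed fixed."""
    return sorted(
        name for name, findings in audit(inventory).items()
        if any(status != "fixed" for _, status in findings)
    )


# Constructed inventory for illustration; names and versions are hypothetical.
INVENTORY = [
    {"name": "lobby-cam", "product": "camera", "version": "4.75.43"},      # last affected version
    {"name": "garage-cam", "product": "camera", "version": "4.75.9"},      # string compare would miss this
    {"name": "dock-cam", "product": "camera", "version": "4.75.62"},       # patched
    {"name": "yard-cam", "product": "camera", "version": "4.75.50"},       # between thresholds
    {"name": "protect-app", "product": "application", "version": "5.3.41"},
]

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(name, findings)
    print("update:", needs_update(INVENTORY))
```

The "unverified" bucket is deliberate: an inventory tool should surface anything it cannot prove fixed rather than silently treating an unknown intermediate build as safe.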

Despite these improvements, Ubiquiti did note a known issue: Hallway mode streaming with HDR disabled is currently not functioning on G5-Pro models.

Users are strongly urged to update their Ubiquiti UniFi systems immediately, as unpatched devices—especially those on exposed or partially secured networks—can be exploited through critical vulnerabilities like this one, potentially allowing attackers to install malware, conduct unauthorized surveillance, or access broader network resources.

Ashish Khaitan

Ashish is a technical writer at The Cyber Express. He adores writing about the latest technologies and covering the latest cybersecurity events. In his free time, he likes to play horror and open-world video games.
