How to fix CVE-2019-25651?

Within 24 hours: Inventory all UniFi Controller, UAP, USW, and USG devices and document current firmware versions. Within 7 days: Apply vendor patches-UniFi Controller to 5.10.12 (or 5.6.42 for legacy), UAP/UAP-AC/UAP-AC Outdoor to 4.0.6 or 3.8.17 respectively, USW to 4.0.6, and USG to 4.4.34. Within 30 days: Validate patch deployment across all devices and conduct network segmentation review to isolate management traffic.

Is Ubiquiti affected by CVE-2019-25651?

Ubiquiti UniFi Network Controller and associated access points use weak AES-CBC encryption for device-to-controller communication, exposing network infrastructure to potential man-in-the-middle attacks that could compromise device management and network visibility.

CVE-2019-25651

EUVD-2019-20041 HIGH

2026-03-27 VulnCheck

Authentication Bypass Ubiquiti

8.7

CVSS 4.0

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:12 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

patch_available

Apr 16, 2026 - 05:29 EUVD

3.8.17,4.0.6,5.10.12

Analysis Generated

Mar 27, 2026 - 22:00 vuln.today

EUVD ID Assigned

Mar 27, 2026 - 22:00 euvd

EUVD-2019-20041

CVE Published

Mar 27, 2026 - 21:16 nvd

HIGH 8.7

DescriptionNVD

Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices.

AnalysisAI

Technical ContextAI

This vulnerability is classified as Use of a Broken or Risky Cryptographic Algorithm (CWE-327).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2019-25651 vulnerability details – vuln.today

Back

CVE-2019-25651

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

CVE-2019-25651

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code