Unifi Network Application
CVE-2024-42025
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.
AnalysisAI
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. Affected products include: Ui Unifi Network Application. Version information: Version 8.3.32.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.
More in Unifi Network Application
View allA backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems
Privilege escalation in Ubiquiti's UniFi Network Application allows a low-privileged, network-adjacent user to gain elev
Privilege escalation via path traversal in self-hosted UniFi Network Application (Ubiquiti's controller software) allows
Privilege escalation in Ubiquiti's UniFi Network Application allows a low-privileged, authenticated user on the network
Privilege persistence in Ubiquiti's UniFi Network Application allows a low-privileged network-adjacent actor to retain g
Denial of service in Ubiquiti's UniFi Network Application allows a remote, unauthenticated attacker with network access
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. Rated
A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today