This page lists publicly disclosed CVE vulnerabilities affecting ui unifi_network_application (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-42025 | A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. | [email protected] | 7.8 | 0.79% | 2024-09-13 | 2026-06-17 |
| CVE-2023-41721 | Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later. | [email protected] | 5.3 | 0.59% | 2023-10-25 | 2026-06-17 |
| CVE-2023-32000 | A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. | [email protected] | 4.8 | 0.28% | 2023-07-07 | 2026-06-17 |
| CVE-2023-28365 | A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. | [email protected] | 9.1 | 0.63% | 2023-06-30 | 2026-06-17 |