Researchers discovered a bug in UniFi Access by Ubiquiti. This allows hackers to hijack a system and gain (physical) access to offices and buildings protected by UniFi Access. A patch is available.
Researchers from Catchify Security have discovered a vulnerability in UniFi OS by Ubiquiti. The bug enables the execution of external code without requiring anyone to log in. The flaw lies in a misconfigured API endpoint that calls backup processes. Ubiquiti released a patch with version 4.0.21.
From Digital to Physical Access
The vulnerability labeled CVE-2025-52665 receives a perfect CVSS score of 10, making it extremely critical. Through the bug, attackers gain access to UniFi Access. This component manages physical doors and NFC credentials. Exploiting it could allow attackers to unlock doors, read NFC data, or create new access credentials, enabling physical access and identity fraud.
Catchify Security reported the flaw on October 9, 2025. Ubiquiti triaged the report the same day. The fix is included in UniFi Access 4.0.21. For the report, Catchify Security received a bug bounty of 25,000 dollars.
Administrators should upgrade to UniFi Access 4.0.21 as soon as possible. Additionally, check that management interfaces are not directly accessible from the network. Disable external access where possible. Conduct an audit on NFC credentials and change keys if necessary.