CVE-2019-25652 PUBLISHED

UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM

Assigner: VulnCheck
Reserved: 26.03.2026 Published: 27.03.2026 Updated: 27.03.2026

UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.

Metrics

CVSS Vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7.6

Product Status

Vendor Ubiquiti
Product UniFi Network Controller
Versions Default: unaffected
  • affected from 0 to 5.10.22 (excl.)
  • affected from 5.11 to 5.11.18 (excl.)
  • Version 5.6.42 is unaffected

References

Problem Types

  • CWE-295 Improper Certificate Validation CWE