Ubiquiti UniFi Protect Camera Vulnerability Allows Remote Code Execution

A critical security vulnerability in Ubiquiti UniFi Protect Cameras could allow attackers to execute arbitrary code remotely.
The flaw, which received the highest possible CVSS score of 10.0, affects all camera firmware versions 4.75.43 and earlier, prompting an urgent call for users to update their systems immediately.
The vulnerability, tracked as CVE-2025-23123, involves a heap buffer overflow in the camera firmware that enables remote code execution (RCE) capabilities.
Critical RCE in UniFi Protect Cameras
According to the Security Advisory Bulletin released by Ubiquiti, “A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras.”
Security researchers note that achieving a perfect CVSS score of 10.0 is rare, highlighting the critical nature of this vulnerability.
The complete CVSS vector – CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H – indicates that the vulnerability is exploitable over the network, requires no user interaction, and could lead to complete system compromise.
The heap buffer overflow vulnerability could allow attackers who gain access to the management network to potentially:
- Gain complete control over camera systems
- Eavesdrop on surveillance feeds
- Manipulate video recordings or live footage
- Use compromised cameras as entry points to pivot deeper into secured networks
Security expert Mathew Marcus, who discovered the vulnerability, emphasized that while attackers need access to the management network, many home and small business deployments lack proper network segmentation, making exploitation relatively straightforward in non-segmented environments.
| Risk Factors | Details |
| --- | --- |
| Affected Products | UniFi Protect Cameras (Version 4.75.43 and earlier) |
| Impact | Remote Code Execution (RCE) |
| Exploit Prerequisites | Access to management network; no privileges or user interaction required |
| CVSS 3.1 Score | 10.0 (Critical) |
Mitigation Steps
Ubiquiti strongly urges all UniFi Protect Camera users to immediately update to firmware version 4.75.62 or later to address the vulnerability. The update is available through the standard UniFi firmware update process.
In the same security advisory, Ubiquiti also disclosed a second, less critical vulnerability (CVE-2025-23164) affecting the UniFi Protect Application versions 5.3.41 and earlier.
This secondary issue involves a misconfigured access token mechanism that could allow continued access to livestream feeds even after links have been disabled.
To address this issue, users should update the UniFi Protect Application to version 5.3.45 or later.
This is not the first high-severity vulnerability discovered in Ubiquiti’s UniFi Protect ecosystem in recent months. Earlier this year, security researchers identified other critical flaws, including CVE-2025-23115 and CVE-2025-23116, which also affected the camera systems.
Organizations using UniFi Protect cameras should implement proper network segmentation as an additional security measure to limit the potential impact of such vulnerabilities, even after applying the necessary firmware updates.
The post Ubiquiti UniFi Protect Camera Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.