Important safety vulnerabilities in Ubiquiti’s UniFi Shield surveillance ecosystem-one rated the utmost severity rating of 10.0-could enable attackers to hijack cameras, execute malicious code remotely, and preserve unauthorized entry to video feeds.
The issues, disclosed on Could 6, 2025, have an effect on the UniFi Shield Cameras firmware and the UniFi Shield Software, exposing enterprise and residential surveillance methods to exploitation.
Safety researchers have urged rapid patching to mitigate dangers of community compromise and privateness breaches.
Probably the most extreme vulnerability, tracked as CVE-2025-23123, stems from a heap buffer overflow within the firmware of UniFi Shield Cameras (variations 4.75.43 and earlier).
Attackers with entry to the administration community can exploit this flaw to set off distant code execution (RCE), granting full management over affected units.
The vulnerability’s CVSS v3.0 rating of 10.0 displays its criticality, with the assault vector categorized as network-based (AV:N), requiring no consumer interplay or privileges (PR:N/UI:N).
Heap buffer overflows happen when a program writes knowledge past the allotted reminiscence house, corrupting adjoining knowledge buildings.
On this case, malformed community packets despatched to the digital camera’s administration interface overwhelm the buffer, enabling attackers to overwrite vital reminiscence addresses.
Profitable exploitation may enable deployment of malware, manipulation of video feeds, or lateral motion throughout linked networks.
The flaw’s “excessive” impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) underscore its potential to disrupt bodily safety infrastructure.
Researcher Mathew Marcus, credited with discovering the vulnerability, emphasised that unpatched cameras in company or vital infrastructure environments may function entry factors for ransomware assaults or espionage.
Ubiquiti has not disclosed whether or not energetic exploitation has been noticed, however the absence of exploit complexity (AC:L) suggests low obstacles for risk actors.
Misconfigured Livestream Sharing Tokens
A secondary vulnerability, CVE-2025-23164 (CVSS 4.4), impacts the UniFi Shield Software (variations 5.3.41 and earlier).
The flaw resides within the “Share Livestream” function, which generates time-limited entry hyperlinks for exterior customers.
On account of a misconfigured token revocation mechanism, recipients of disabled hyperlinks retain entry to livestreams indefinitely.
Whereas much less extreme than the RCE flaw, this oversight creates persistent privateness dangers, notably for organizations sharing delicate footage.
The assault vector requires preliminary entry to a official livestream hyperlink (PR:H) and hinges on Ubiquiti’s failure to invalidate tokens upon hyperlink deactivation.
Although the complexity is excessive (AC:H), profitable exploitation permits unauthorized events to watch video feeds covertly.
Researcher Mike S Schonert famous that risk actors may mix this flaw with social engineering ways to reap legitimate hyperlinks, amplifying the danger of knowledge leaks.
Not like the network-wide implications of CVE-2025-23123, this vulnerability’s scope is proscribed to compromised livestreams (S:U).
Nevertheless, industries like healthcare or education-where video feeds usually comprise delicate private data-face heightened publicity.
Ubiquiti’s advisory confirms that the flaw doesn’t allow entry to historic footage or different system parts, mitigating its broader impression.
Mitigation and Vendor Response
Ubiquiti has launched firmware updates to deal with each vulnerabilities. UniFi Shield Cameras have to be upgraded to model 4.75.62 or later to resolve CVE-2025-23123, whereas the UniFi Shield Software requires model 5.3.45 or newer to repair CVE-2025-23164.
The patches, distributed through Ubiquiti’s auto-update mechanism, modify reminiscence administration routines within the digital camera firmware and introduce strict token expiration protocols within the Shield Software.
Organizations unable to use rapid updates ought to phase surveillance networks from vital infrastructure, prohibit administration interface entry, and audit energetic livestream hyperlinks.
Ubiquiti has additionally really helpful disabling the “Share Livestream” function till patches are deployed, although this may occasionally hinder collaboration in safety operations facilities.
Whereas no workarounds exist for the RCE vulnerability, its exploitation requires proximity to the administration community.
Enterprises ought to implement zero-trust ideas, requiring multi-factor authentication for community entry and monitoring for anomalous visitors patterns.
The staggered disclosure timeline-with fixes launched concurrently with advisories-highlights the coordinated effort between Ubiquiti and exterior researchers to attenuate publicity home windows.
As surveillance methods more and more combine with IoT ecosystems, these vulnerabilities underscore the significance of firmware hygiene.
With over 1.2 million UniFi Shield units deployed globally, well timed patching stays the simplest protection in opposition to weaponized exploits concentrating on bodily and digital safety infrastructures.
