CVE-2019-25652

HIGH 7.5

UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

1th

UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.

CWE	CWE-295
Vendor	ubiquiti
Product	unifi network controller
Published	Mar 27, 2026
Last Updated	Mar 30, 2026

Stay Ahead of the Next One

Get instant alerts for ubiquiti unifi network controller

Be the first to know when new high vulnerabilities affecting ubiquiti unifi network controller are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Ubiquiti / UniFi Network Controller

0 < 5.10.22 5.11 < 5.11.18

References

NVD ↗ CVE.org ↗ EPSS Data ↗

community.ui.com: https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391 vulncheck.com: https://www.vulncheck.com/advisories/unifi-network-controller-improper-certificate-validation-leading-to-credential-theft-via-mitm