Attackers can exploit three chained vulnerabilities in Ubiquiti's UniFi OS server to execute remote code with root privileges without authentication. The flaws have already been patched.
A critical security flaw in Ubiquiti's UniFi OS server allows unauthenticated attackers to gain root-level access by chaining three previously fixed vulnerabilities together.
The attack bypasses standard authentication mechanisms entirely, enabling remote code execution (RCE) with the highest system privileges. While Ubiquiti has released patches for each individual vulnerability, the combination creates a severe risk for systems running unpatched versions.
Vulnerability Chain
The three vulnerabilities work in conjunction to create an unauthenticated root access pathway. Attackers can leverage the flaws sequentially to escalate privileges and execute arbitrary commands on affected UniFi OS servers.
Ubiquiti has not disclosed extensive technical details about the specific vulnerabilities in public disclosures, but security researchers have documented the chaining technique. The attack requires network access to the UniFi OS server but does not require valid credentials.
Impact
UniFi OS powers Ubiquiti's network management platform, widely deployed across enterprise environments, data centers, and managed service providers. Successful exploitation grants attackers complete control over network infrastructure management systems, potentially exposing sensitive network configurations, user data, and connected devices.
Remediation
Ubiquiti recommends updating to the latest patched version of UniFi OS immediately. Users should verify their systems are running the current release, as all three vulnerabilities have been addressed in recent updates.
For organizations unable to patch immediately, restricting network access to UniFi OS servers through firewall rules and network segmentation can reduce exposure. Monitoring for suspicious authentication attempts and unauthorized access is also recommended.
Timeline
The vulnerabilities have been patched in recent Ubiquiti releases. Security researchers have confirmed the chaining technique works across multiple UniFi OS versions prior to the latest updates.
Israeli cybersecurity firm Check Point has released security updates for a critical VPN vulnerability exploited in active zero-day attacks. The flaw affects Remote Access VPN and Mobile Access deployments and has been linked to the Qilin ransomware group.
Gogs has released a security patch for a critical zero-day vulnerability that enables remote code execution on exposed instances. The flaw allows attackers to compromise servers and access all repositories, including private ones.
Meta's WhatsApp has detected new spyware attacks linked to NSO Group, the Israeli surveillance firm behind the notorious Pegasus malware. The company disrupted a phishing campaign targeting its users, marking another violation of existing court orders against NSO.
Oxford University disclosed a data breach after its third-party careers services provider, Group GTI, notified the institution that its CareerConnect platform had been compromised.