{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25651", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-26T20:24:49.635Z", "datePublished": "2026-03-27T21:16:30.611Z", "dateUpdated": "2026-03-30T17:55:00.222Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-27T21:16:30.611Z"}, "title": "Ubiquiti UniFi Devices Use of AES-CBC Allows Key Recovery and Unauthorized Device Control", "descriptions": [{"lang": "en", "value": "Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices."}], "datePublic": "2019-05-15T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "type": "CWE"}]}], "affected": [{"vendor": "Ubiquiti", "product": "UniFi Network Controller", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThan": "5.10.12"}, {"status": "unaffected", "version": "5.6.42", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti", "product": "UniFi UAP Firmware", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThan": "4.0.6"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti", "product": "UniFi UAP-AC Firmware", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThan": "3.8.17"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti", "product": "UniFi USW Firmware", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThan": "4.0.6"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti", "product": "UniFi USG Firmware", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThan": "4.4.34"}], "defaultStatus": "unaffected"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-004-004/462e561b-9efd-4c23-bfa7-53d59cc64ecb", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/ubiquiti-unifi-devices-use-of-aes-cbc-allows-key-recovery-and-unauthorized-device-control", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "manual"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T17:51:04.700943Z", "id": "CVE-2019-25651", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T17:55:00.222Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25651", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T17:51:04.700943Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T17:51:14.240Z"}}], "cna": {"title": "Ubiquiti UniFi Devices Use of AES-CBC Allows Key Recovery and Unauthorized Device Control", "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ubiquiti", "product": "UniFi Network Controller", "versions": [{"status": "affected", "version": "0", "lessThan": "5.10.12", "versionType": "semver"}, {"status": "unaffected", "version": "5.6.42", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti", "product": "UniFi UAP Firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "4.0.6", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti", "product": "UniFi UAP-AC Firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "3.8.17", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti", "product": "UniFi USW Firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "4.0.6", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti", "product": "UniFi USG Firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.34", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2019-05-15T00:00:00.000Z", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-004-004/462e561b-9efd-4c23-bfa7-53d59cc64ecb", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/ubiquiti-unifi-devices-use-of-aes-cbc-allows-key-recovery-and-unauthorized-device-control", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "manual"}, "descriptions": [{"lang": "en", "value": "Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-27T21:16:30.611Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25651", "state": "PUBLISHED", "dateUpdated": "2026-03-30T17:55:00.222Z", "dateReserved": "2026-03-26T20:24:49.635Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-27T21:16:30.611Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices."}], "id": "CVE-2019-25651", "lastModified": "2026-03-30T13:26:07.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-27T22:16:19.107", "references": [{"source": "disclosure@vulncheck.com", "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-004-004/462e561b-9efd-4c23-bfa7-53d59cc64ecb"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/ubiquiti-unifi-devices-use-of-aes-cbc-allows-key-recovery-and-unauthorized-device-control"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.8.17)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "unifi_uap-ac_firmware", "vendor": "ubiquiti"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.0.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "UniFi UAP Firmware", "source": "cna", "vendor": "Ubiquiti"}, "product": "unifi_uap_firmware", "vendor": "ubiquiti"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.4.34)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "unifi_usg_firmware", "vendor": "ubiquiti"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.0.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "unifi_usw_firmware", "vendor": "ubiquiti"}], "analysis": {"en": {"generated_at": "2026-03-28T05:12:50.360203+00:00", "value": {"mitigation_remediation": ["Update the UniFi Network Controller to version 5.10.12 or later.", "Upgrade all UniFi UAP and UAP-AC devices to firmware 4.0.6 or later; upgrade USG to 4.4.34 or later; upgrade USW to 4.0.6 or later.", "If immediate firmware upgrade is not feasible, isolate the devices from adjacent network traffic and restrict eavesdropping."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized control of UniFi network devices via recovered AES keys"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts Ubiquiti UniFi Network Controller Software versions before 5.10.12 (excluding 5.6.42), Ubiquiti UniFi UAP firmware before 4.0.6, UniFi UAP-AC and UAP-AC v2 firmware before 3.8.17, UniFi USG firmware before 4.4.34, and UniFi USW firmware before 4.0.6. Systems with these firmware releases are at risk until patched.", "description_and_impact": "A critical cryptographic flaw in Ubiquiti UniFi devices allows attackers to recover AES-CBC keys that protect device-to-controller traffic. By capturing sufficient encrypted packets on the same network segment, an attacker can derive the keys and gain full control of the affected devices. This enables unauthorized configuration changes, firmware updates, or other management actions, effectively compromising the integrity of the network infrastructure.", "risk_and_exploitability": "The CVSS base score of 8.7 indicates a high severity vulnerability. Although the EPSS score is not available, the absence of the flaw from the KEV catalog suggests it has not yet been widely exploited in the wild, yet the attack requires only adjacent network access and traffic capture, making it relatively straightforward for an attacker. The compromise grants full administrative control over the devices, representing a significant threat to network security."}}}}, "created": "2026-03-29T20:29:46.162972+00:00", "updated": "2026-03-30T07:59:19.244304+00:00", "vendors": ["ubiquiti", "ubiquiti$PRODUCT$unifi_uap-ac_firmware", "ubiquiti$PRODUCT$unifi_uap_firmware", "ubiquiti$PRODUCT$unifi_usg_firmware", "ubiquiti$PRODUCT$unifi_usw_firmware"]}