
Critical RCE Vulnerability in UniFi Access (CVE-2025-52665) with CVSS 10.0 Score
The Catchify team has recently disclosed a critical Remote Code Execution (RCE) vulnerability in UniFi Access, part of the UniFi OS ecosystem developed by Ubiquiti. The vulnerability, identified as CVE-2025-52665, has been assigned a CVSS score of 10.0, indicating maximum severity.

RCE vulnerabilities allow attackers to execute arbitrary code on affected systems, potentially leading to complete system compromise. Given the widespread use of UniFi products in both enterprise and home environments, this vulnerability poses a significant risk: attackers exploiting this flaw could gain control over network infrastructure, facilitating data breaches and lateral movement within networks.

Cybersecurity professionals should prioritize patching this vulnerability immediately. If patches are not yet available, temporary mitigations such as network segmentation and monitoring for suspicious activity should be implemented. The high CVSS score suggests that exploitation in the wild is likely, making swift action crucial. This vulnerability underscores the importance of robust vulnerability management and the need for continuous monitoring of network management systems.