High severity8.3NVD Advisory· Published Mar 27, 2026· Updated Apr 29, 2026

CVE-2019-25651

Description

Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

community.ui.com/releases/Security-Advisory-Bulletin-004-004/462e561b-9efd-4c23-bfa7-53d59cc64ecbnvd
www.vulncheck.com/advisories/ubiquiti-unifi-devices-use-of-aes-cbc-allows-key-recovery-and-unauthorized-device-controlnvd

News mentions

No linked articles in our index yet.

cvss	0.540
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000