Unrated severityNVD Advisory· Published Mar 27, 2026· Updated Mar 30, 2026
UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM
CVE-2019-25652
Description
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.