High severity7.8NVD Advisory· Published Sep 13, 2024· Updated Jun 17, 2026
CVE-2024-42025
CVE-2024-42025
Description
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.
Affected products
2<=8.3.32+ 1 more
- (no CPE)range: <=8.3.32
- (no CPE)range: 8.4.59
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.