CVE-2025-24292 – Ubiquiti UniFi Network MAC Address Authentication Bypass Vulnerability

CVE ID : CVE-2025-24292

Published : June 29, 2025, 8:15 p.m. | 2 hours, 43 minutes ago

Description : A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…