12/06/2025

ZDI-25-379: (Pwn2Own) Ubiquiti Networks AI Bullet Insufficient Firmware Update Validation Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Ubiquiti Networks AI Bullet Cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2025-23117.

You may also like

ZDI-25-855: (0Day) Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability

ZDI-25-986: Autodesk On-Demand Install Services adsk_IPCUpdaterChannel Origin Validation Error Local Privilege Escalation Vulnerability