CVE-2025-24292

A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile.

Published: Jun 29, 2025
Updated: Jun 30, 2025
CVE: CVE-2025-24292
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

No affected software listed.

https://community.ui.com/releases/Security-Advisory-Bulletin-049-049/7a019b27-6c77-4500-bec8-596cd87c9292

Vulnerability Database

289,784

CVE-2025-24292