high advisory

UniFi Network Controller Improper Certificate Verification Vulnerability (CVE-2019-25652)

UniFi Network Controller versions before 5.10.22 and 5.11.x before 5.11.18 contain an improper certificate verification vulnerability, enabling adjacent network attackers to perform man-in-the-middle attacks by presenting a fraudulent SSL certificate during SMTP connections to intercept traffic and steal credentials.

CVE-2019-25652 affects UniFi Network Controller versions prior to 5.10.22 and 5.11.x before 5.11.18. The vulnerability stems from an improper certificate verification process during SMTP connections. An attacker positioned on an adjacent network can exploit this weakness to conduct man-in-the-middle (MitM) attacks. By presenting a false SSL certificate, the attacker can intercept SMTP traffic intended for the UniFi Network Controller, potentially gaining access to sensitive information…

Detection coverage 2

Detect Self-Signed Certificates in SMTP Traffic

medium

Detects the use of self-signed certificates during SMTP communication, which could indicate a man-in-the-middle attack exploiting CVE-2019-25652.

sigma; tactics: credential_access; techniques: T1557.001, T1588.002; sources: network_connection, firewall

Detect UniFi SMTP Traffic to External IP

low

Detects a UniFi device connecting to an external SMTP server.

sigma; tactics: command_and_control; techniques: T1071.001; sources: network_connection, firewall
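
The two detections described above can be combined into one triage pass over TLS session metadata. The following is an added example, not the platform's rules or vendor code: the record fields (src, dst, dport, subject, issuer), the controller address and the internal ranges are assumptions, and the sample sessions are constructed.

```python
import ipaddress

SMTP_PORTS = {25, 465, 587}  # SMTP, implicit TLS, submission
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (not real telemetry). Field names are assumed;
# map them to whatever your TLS/network sensor actually emits.
SAMPLE_SESSIONS = [
    {"src": "10.0.0.5", "dst": "203.0.113.25", "dport": 587,
     "subject": "CN=mail.example.org", "issuer": "CN=Example Issuing CA"},
    {"src": "10.0.0.5", "dst": "10.0.0.77", "dport": 465,
     "subject": "CN=mail.example.org", "issuer": "CN=mail.example.org"},
    {"src": "10.0.0.5", "dst": "198.51.100.9", "dport": 25,
     "subject": "CN=smtp.example.net", "issuer": "CN=smtp.example.net"},
    {"src": "10.0.0.9", "dst": "203.0.113.25", "dport": 443,
     "subject": "CN=www.example.org", "issuer": "CN=www.example.org"},
]

def is_external(ip):
    """True when the address is outside the ranges listed as internal."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def triage(sessions, controllers):
    """Return (src, dst, findings) for SMTP sessions from known controllers."""
    alerts = []
    for s in sessions:
        if s["src"] not in controllers or s["dport"] not in SMTP_PORTS:
            continue
        findings = []
        subject = s.get("subject")  # absent when no certificate was observed
        if subject and subject == s.get("issuer"):
            # Issuer equal to subject is a heuristic for a self-signed leaf.
            findings.append("self_signed_cert")
        if is_external(s["dst"]):
            findings.append("external_smtp")
        if findings:
            alerts.append((s["src"], s["dst"], findings))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_SESSIONS, controllers={"10.0.0.5"}):
        print(alert)
```

A self-signed certificate on an internal relay can be legitimate, so treat that finding as a lead to check against the mail server you configured rather than as proof of interception.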
