{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2019-25652/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["unifi","mitm","credential-theft","cve-2019-25652"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2019-25652 affects UniFi Network Controller versions prior to 5.10.22 and 5.11.x before 5.11.18. The vulnerability stems from an improper certificate verification process during SMTP connections. An attacker positioned on an adjacent network can exploit this weakness to conduct man-in-the-middle (MitM) attacks. By presenting a false SSL certificate, the attacker can intercept SMTP traffic intended for the UniFi Network Controller, potentially gaining access to sensitive information…\u003c/p\u003e\n","date_modified":"2026-03-27T22:16:19Z","date_published":"2026-03-27T22:16:19Z","id":"/briefs/2026-03-unifi-cert-bypass/","summary":"UniFi Network Controller versions before 5.10.22 and 5.11.x before 5.11.18 contain an improper certificate verification vulnerability, enabling adjacent network attackers to perform man-in-the-middle attacks by presenting a fraudulent SSL certificate during SMTP connections to intercept traffic and steal credentials.","title":"UniFi Network Controller Improper Certificate Verification Vulnerability (CVE-2019-25652)","url":"https://feed.craftedsignal.io/briefs/2026-03-unifi-cert-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2019-25652","version":"https://jsonfeed.org/version/1.1"}