https://feed.craftedsignal.io/tags/cve-2019-25652/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 27 Mar 2026 22:16:19 +0000https://feed.craftedsignal.io/briefs/2026-03-unifi-cert-bypass/Fri, 27 Mar 2026 22:16:19 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-unifi-cert-bypass/UniFi Network Controller versions before 5.10.22 and 5.11.x before 5.11.18 contain an improper certificate verification vulnerability, enabling adjacent network attackers to perform man-in-the-middle attacks by presenting a fraudulent SSL certificate during SMTP connections to intercept traffic and steal credentials.<p>CVE-2019-25652 affects UniFi Network Controller versions prior to 5.10.22 and 5.11.x before 5.11.18. The vulnerability stems from an improper certificate verification process during SMTP connections. An attacker positioned on an adjacent network can exploit this weakness to conduct man-in-the-middle (MitM) attacks. By presenting a false SSL certificate, the attacker can intercept SMTP traffic intended for the UniFi Network Controller, potentially gaining access to sensitive information…</p> highadvisoryunifimitmcredential-theftcve-2019-25652