CVE-2019-25652

Name: CVE-2019-25652
Creator: NVD / NIST
Published: 2026-03-27T22:16:19.38+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.7/10EPSS 0.11%

Last modified Jun 17, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0

7.7/10

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.11%

1.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-295

References

Timeline

Published: Mar 27, 2026
Last Modified: Jun 17, 2026
Status: Awaiting Analysis

Are you affected by CVE-2019-25652?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST