
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability caused by a misconfigured query was discovered in UniFi Network (v9.1.120 and earlier) that affects Enterprise WiFi and VPN Server authentication. The vulnerability was disclosed on June 29, 2025, and assigned identifier CVE-2025-24292. The flaw allows users to authenticate to Enterprise WiFi or VPN Server (L2TP and OpenVPN) using a device's MAC address from 802.1X or MAC Authentication when both services are enabled and share the same RADIUS profile (NVD, MITRE CVE).
The vulnerability stems from a misconfigured query in the authentication mechanism that incorrectly handles MAC addresses from 802.1X or MAC Authentication. The issue occurs only when both Enterprise WiFi and VPN Server services are enabled and configured to use the same RADIUS profile. The vulnerability has been assigned a CVSS v3.0 base score of 6.8 (MEDIUM) with the vector string CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N, indicating network accessibility, high attack complexity, no privileges required, no user interaction, a changed scope, and a high confidentiality impact with no integrity or availability impact (NVD).
The vulnerability allows unauthorized users to gain access to Enterprise WiFi or VPN services through the MAC address authentication mechanism. This could lead to unauthorized network access and compromise of network security (NVD).
Users should upgrade their UniFi Network installation to a version newer than v9.1.120. If immediate upgrading is not possible, it is recommended to avoid using the same RADIUS profile for both Enterprise WiFi and VPN Server services (NVD).
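The precondition described above (an affected version plus one RADIUS profile shared between an Enterprise or MAC-auth WLAN and the VPN server) is something an administrator can check for in a configuration export. The audit script below is an added example, not part of the original report and not UniFi's own code. The configuration shape it reads (a `version` string, a `wlans` list whose entries carry `security`, `mac_auth` and `radiusprofile_id`, and a `vpn_server` object with its own `radiusprofile_id`) is an assumed, simplified layout; adapt the field names to the export you actually have. The sample configuration inside the block is constructed.

```python
"""Audit helper for the shared-RADIUS-profile condition behind CVE-2025-24292.

Added example; the config layout is ASSUMED and simplified, and the
sample configuration at the bottom is constructed, not a real export.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# The advisory states that v9.1.120 and earlier are affected.
LAST_AFFECTED = (9, 1, 120)


def parse_version(version: str) -> tuple[int, ...]:
    """Turn 'v9.1.120' or '9.1.120' into a comparable integer tuple."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected_version(version: str) -> bool:
    """True when the controller version is v9.1.120 or earlier."""
    return parse_version(version) <= LAST_AFFECTED


@dataclass
class Finding:
    severity: str  # "high" | "low" | "info"
    message: str


def find_shared_radius_profiles(config: dict) -> list[str]:
    """Return the names of enabled WLANs that use RADIUS (802.1X / WPA-Enterprise
    or MAC Authentication) and share a RADIUS profile with the enabled VPN server.
    Field names are assumptions, not a documented schema."""
    vpn = config.get("vpn_server", {})
    if not vpn.get("enabled"):
        return []
    vpn_profile = vpn.get("radiusprofile_id")
    if not vpn_profile:
        return []
    shared = []
    for wlan in config.get("wlans", []):
        if not wlan.get("enabled"):
            continue
        uses_radius = wlan.get("security") == "wpaeap" or bool(wlan.get("mac_auth"))
        if uses_radius and wlan.get("radiusprofile_id") == vpn_profile:
            shared.append(wlan["name"])
    return shared


def audit(config: dict) -> list[Finding]:
    """Combine the version check with the shared-profile check. A shared profile
    on an affected version is the exploitable condition; on a fixed version it
    is still reported at low severity because the workaround remains good hygiene."""
    findings: list[Finding] = []
    version = config.get("version", "")
    affected = is_affected_version(version)
    if affected:
        findings.append(Finding("info", f"controller {version} is v9.1.120 or earlier; upgrade"))
    for name in find_shared_radius_profiles(config):
        findings.append(
            Finding("high" if affected else "low",
                    f"WLAN {name!r} shares RADIUS profile "
                    f"{config['vpn_server']['radiusprofile_id']!r} with the VPN server")
        )
    return findings


# Constructed sample: an affected controller with two WLANs (one 802.1X, one
# MAC-auth) sharing profile "rp-corp" with the VPN server, plus an open guest WLAN.
SAMPLE_CONFIG = {
    "version": "v9.1.120",
    "wlans": [
        {"name": "corp-enterprise", "enabled": True, "security": "wpaeap",
         "mac_auth": False, "radiusprofile_id": "rp-corp"},
        {"name": "iot-macauth", "enabled": True, "security": "wpapsk",
         "mac_auth": True, "radiusprofile_id": "rp-corp"},
        {"name": "guest", "enabled": True, "security": "open",
         "mac_auth": False, "radiusprofile_id": None},
    ],
    "vpn_server": {"enabled": True, "protocols": ["l2tp", "openvpn"],
                   "radiusprofile_id": "rp-corp"},
}

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"[{f.severity}] {f.message}")
```

Running the block as written reports the affected version plus one high-severity finding per WLAN that shares the VPN server's RADIUS profile; giving the VPN server its own profile (the interim workaround in the advisory) clears the high findings, and upgrading past v9.1.120 downgrades any remaining shared profile to a low-severity hygiene note.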
Source: This report was generated using AI