CVE-2025-27216

Published: Aug 21, 2025Modified: Aug 22, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges.

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (1)

https://community.ui.com/releases/Security-Advisory-Bulletin-053/b0c4aa38-90aa-412d-b5b9-6395e057d822

Source: support@hackerone.com

Timeline

No history available yet.