CVE-2025-24285 in UniFi Connect EV Station Lite
Summary
by MITRE • 08/21/2025
Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Affected Products: UniFi Connect EV Station Lite (Version 1.5.1 and earlier) Mitigation: Update UniFi Connect EV Station Lite to Version 1.5.2 or later
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 08/22/2025
The CVE-2025-24285 vulnerability represents a critical security flaw in UniFi Connect EV Station Lite devices running version 1.5.1 or earlier. This vulnerability falls under the category of improper input validation, which is a well-documented weakness that occurs when applications fail to properly validate or sanitize user-supplied data before processing it. The affected device operates as an electric vehicle charging station that likely accepts various forms of input through network interfaces, potentially including configuration parameters, user commands, or system settings. The vulnerability specifically enables command injection attacks, which means that an attacker who gains network access to the device could execute arbitrary commands on the underlying system. This type of vulnerability is particularly dangerous because it can provide attackers with elevated privileges and full control over the device's operations.
The technical nature of this vulnerability stems from insufficient input validation mechanisms within the UniFi Connect EV Station Lite firmware. Command injection vulnerabilities typically occur when application code directly incorporates user input into system commands without proper sanitization or escaping of special characters. In the context of an EV charging station, this could manifest when the device processes network requests containing command parameters, configuration values, or user inputs that are subsequently executed by the system shell. The vulnerability is classified under CWE-77 and CWE-94 in the Common Weakness Enumeration catalog, which specifically addresses improper input validation leading to command injection. According to the MITRE ATT&CK framework, this vulnerability would map to the Command and Scripting Interpreter tactic, potentially enabling adversaries to execute malicious commands and gain persistent access to the device. The attack surface is particularly concerning given that network access alone is sufficient to exploit this vulnerability, meaning that an attacker does not require physical access or elevated privileges to compromise the device.
The operational impact of this vulnerability extends beyond simple device compromise, as it can lead to complete system control and potential escalation to broader network infrastructure. An attacker with command injection capabilities could potentially modify charging configurations, disable charging functions, access sensitive data stored on the device, or use the compromised station as a pivot point to target other networked devices. The implications are particularly severe for organizations relying on UniFi Connect EV Station Lite for their electric vehicle charging infrastructure, as these devices often operate in public or semi-public spaces where physical security may be limited. The vulnerability could also enable attackers to disrupt charging services, potentially causing inconvenience to users or creating safety hazards if charging parameters are tampered with. In a broader context, this vulnerability demonstrates the critical importance of input validation in embedded systems and IoT devices, where insufficient security controls can provide attackers with complete system compromise.
Mitigation efforts should focus primarily on updating the affected devices to UniFi Connect EV Station Lite version 1.5.2 or later, which contains the necessary patches to address the input validation flaws. This update represents the most effective immediate solution to resolve the vulnerability. Organizations should also implement network segmentation to limit access to these devices, ensuring that only authorized personnel can interact with them. Additional security measures could include monitoring network traffic for suspicious activity, implementing network access controls, and conducting regular security assessments of the charging infrastructure. The vulnerability highlights the importance of maintaining up-to-date firmware and security patches for IoT devices, as these systems often operate with limited security controls and can become attractive targets for attackers seeking to exploit weaknesses in embedded systems. Organizations should also consider implementing device authentication mechanisms and encryption to further protect against unauthorized access to these critical infrastructure components.