Ubiquiti Inc.

Ubiquiti Inc. Vendor Cyber Rating & Cyber Score

ui.com

Rethinking IT. careers.ui.com


Ubiquiti Inc. A.I CyberSecurity Scoring

Ubiquiti Inc.
Company Information
Website: http://www.ui.com
Number of employees: 1,495
Number of followers: 121,158
NAICS: 513
Industry Type: Technology, Information and Internet
Homepage: ui.com
Ubiquiti Inc. Risk Score (AI oriented)
Between 700 and 749
Ubiquiti Inc. (Technology, Information and Internet)
Updated: 04/04/2026
Score: 745/1000, Moderate (Ba)
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium

Ubiquiti Inc. (Moderate)
Current Score: 745 Ba (MODERATE), on a scale of 0 to 1000
2 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026: 747 (Before Incident)
JUNE 2026: 746 (Before Incident)
MAY 2026: 746 (Before Incident)
APRIL 2026: 746 (Before Incident)
MARCH 2026: 745 (Before Incident)
FEBRUARY 2026: 745 (Before Incident)
JANUARY 2026: 744 (Before Incident)
DECEMBER 2025: 743 (Before Incident)
NOVEMBER 2025: 742 (Before Incident)
OCTOBER 2025: 742 (Before Incident)
SEPTEMBER 2025: 742 (Before Incident)
AUGUST 2025: 741 (Before Incident)
JUNE 2025: 745 (Before Incident)
Vulnerability
16 Jun 2025, Ubiquiti Inc.

Critical Unauthenticated Remote Code Execution Vulnerability in Ubiquiti’s UniFi OS (CVE-2025-52665)

740 (After Incident)
CRITICAL-5
UBI2493124110325
A critical unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2025-52665, CVSS 9.8) was discovered in Ubiquiti’s UniFi OS, exposing the backup API infrastructure across UniFi devices (Network, Protect, Access). The flaw stemmed from improper input validation in the `/api/ucore/backup/export` endpoint, allowing attackers to inject shell metacharacters via the `dir` parameter and execute arbitrary system commands with elevated privileges. Exploitation involved chaining unsanitized inputs in commands like `mktemp`, `tar`, and `du`, leading to full system compromise, including reverse shell access and sensitive data exfiltration.

The vulnerability was exacerbated by misconfigured network exposure: the endpoint, intended for local access (`127.0.0.1`), was inadvertently exposed on port 9780 via an external proxy. Researchers also uncovered additional unauthenticated API endpoints enabling unauthorized access to NFC credentials, cryptographic keys, and door control systems. While no confirmed breaches were reported, the flaw posed a severe risk of large-scale device takeover, lateral movement within networks, and potential disruption of physical security systems (e.g., access controls). Ubiquiti issued patches, but unpatched systems remain at risk of complete operational sabotage or data theft by remote attackers.
INCIDENT DETAILS
TYPE
Remote Code Execution (RCE)
IMPACT
Sensitive files, NFC credentials, Cryptographic key material, UniFi OS (Backup API), UniFi Network, UniFi Protect, UniFi Access, Door control systems
Operational Impact: Full system compromise, unauthorized access to access control systems
Brand Reputation Impact: High (critical vulnerability with full system compromise potential)
Identity Theft Risk: High (NFC credentials and cryptographic keys exposed)
DATA BREACH
System files, NFC credentials, Cryptographic keys, Access control data
Sensitivity Of Data: High
Data Exfiltration: Demonstrated in proof-of-concept (e.g., sensitive files, reverse shell access)
JANUARY 2021: 776 (Before Incident)
Breach
01 Jan 2021, Ubiquiti Inc.

Ubiquiti Data Breach

709 (After Incident)
CRITICAL-67
UBI135424522
Networking device maker Ubiquiti suffered a data breach that exposed its customers' data. An unauthorized party gained access to certain Ubiquiti information technology systems hosted by a third-party cloud provider. The compromised information included name, email address, one-way encrypted password, account address and phone number. Ubiquiti investigated the incident and started emailing customers to change their passwords and enable 2FA.
INCIDENT DETAILS
TYPE
Data Breach
IMPACT
name, email address, one-way encrypted password, account address, phone number
DATA BREACH
Personal Information
Data Encryption: One-way encrypted password
name, email address, account address, phone number
