Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

EdgeMAX EdgeSwitch

Source -

CNA

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2025-48978
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.50%
||
7 Day CHG~0.00%
Published-21 Aug, 2025 | 00:01
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Affected Products: EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) Mitigation: Update the EdgeMAX EdgeSwitch to Version 1.11.1 or later.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-EdgeMAX EdgeSwitch
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-27211
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.72% / 71.46%
||
7 Day CHG+0.10%
Published-04 Aug, 2025 | 22:12
Updated-05 Aug, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-EdgeMAX EdgeSwitch
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')