In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt dive deep into CVE-2025-52665, a critical 10.0 CVSS vulnerability impacting Ubiquiti’s UniFi Access Management API. This flaw blends physical security and cybersecurity risks — allowing unauthenticated attackers to execute remote code, manipulate door access, or even lock users inside buildings.

John and Lou break down how this misconfigured API opens the door (literally) to full network takeover and discuss the real-world implications of smart building vulnerabilities. They cover the affected UniFi Access versions (3.3.22 to 3.4.31) and emphasize updating immediately to version 4.0.21 or later.

Beyond the technical details, they debate the broader question: Are smart buildings worth the risk? From API hygiene to network segmentation, the hosts offer actionable strategies to secure IoT infrastructure and ensure that “smart” doesn’t become “unsafe.”

⸻

Social Links:

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.