CISA Issues Critical Alert for Ubiquiti and Lantronix Vulnerabilities Under Active Exploitation
AI-generated from multiple sources. Verify before acting on this reporting.
WASHINGTON — Additional corroborating reports have been received regarding the active exploitation of critical vulnerabilities in Ubiquiti and Lantronix networking equipment. The U.S. Cybersecurity and Infrastructure Security Agency continues to monitor the situation as new intelligence confirms ongoing threats targeting federal agencies and critical infrastructure operators. These developments reinforce the urgency for organizations utilizing UniFi OS software or specific server configurations managed by Lantronix to implement immediate mitigations. Agencies are advised to prioritize patching affected systems in accordance with previous guidance issued on June 24.
WASHINGTON — The U.S. Cybersecurity and Infrastructure Security Agency issued a maximum severity alert Tuesday warning that hackers are actively exploiting critical vulnerabilities in widely used networking equipment from Ubiquiti Inc. and Lantronix.
The advisory, released at 14:39 UTC on June 24, identifies two distinct flaws affecting UniFi OS software and specific server configurations managed by Lantronix as posing an immediate threat to federal agencies and critical infrastructure operators across the United States. CISA classified both issues with a maximum severity rating of CVSS 10.0, indicating that attackers can fully compromise affected systems without requiring user interaction.
The vulnerabilities allow remote code execution, enabling unauthorized actors to take complete control of affected devices once they are connected to an internet-facing network. The agency stated it is monitoring active exploitation campaigns targeting these specific weaknesses in real time. CISA has added the associated Common Vulnerabilities and Exposures (CVE) identifiers to its Known Exploited Vulnerabilities catalog, triggering mandatory patching requirements for federal government systems under existing cybersecurity directives.
Ubiquiti’s UniFi OS powers a suite of popular enterprise networking solutions used by businesses, schools, and municipalities. The flaw affects the core operating system that manages network switches, access points, and security cameras. Lantronix devices are frequently deployed in industrial control environments to provide serial-to-network connectivity for legacy machinery.
CISA urged all operators to immediately apply vendor-provided patches or implement compensating controls if updates are unavailable. For federal agencies, the directive mandates remediation of systems within 72 hours of patch availability. The agency warned that failure to address these flaws leaves networks exposed to ransomware deployment and data exfiltration.
Since late last week, Ubiquiti has released emergency firmware updates for affected UniFi OS versions, but it advised that customers running older legacy builds may face compatibility issues during the upgrade process. Lantronix confirmed it is working with enterprise clients on a phased rollout of patches, though some industrial environments require scheduled downtime that could delay immediate remediation.
Security researchers noted that no specific threat actor has been publicly attributed to the current exploitation wave. The lack of attribution leaves open questions regarding whether this activity represents opportunistic scanning by criminal groups or targeted operations by state-sponsored adversaries seeking access to critical infrastructure networks.
CISA officials have not disclosed details on how many systems are currently compromised, though initial scans suggest widespread exposure in sectors including healthcare and energy distribution. The agency will continue monitoring the situation as vendors finalize patch availability for older hardware configurations.