CVE-2025-52919

Published: Jun 21, 2025

Modified: Jul 28, 2025

PUBLISHED

CVSS v3.1

4.3

MEDIUM

Description

In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded.

Vendor	Product	Versions
Yealink	RPS	affected `0 - < 2025-05-26`

Weaknesses (CWE)

CWE-295

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://support.yealink.com/en/portal/knowledge/show?id=6476e7cd6a27da76bd06a9c9

https://www.yealink.com/en/trust-center/security-advisories/ecb16a4993014d22

https://seclists.org/fulldisclosure/2025/Jun/20

https://dnip.ch/2025/06/25/yealink-voip-phones-insecurity-by-design/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-52919

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References