Home

Description

A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products: UniFi Talk Touch (Version 1.21.16 and earlier) UniFi Talk Touch Max (Version 2.21.22 and earlier) UniFi Talk G3 Phones (Version 3.21.26 and earlier) Mitigation: Update the UniFi Talk Touch to Version 1.21.17 or later. Update the UniFi Talk Touch Max to Version 2.21.23 or later. Update the UniFi Talk G3 Phones to Version 3.21.27 or later.

PUBLISHED Reserved 2025-06-18 | Published 2025-10-30 | Updated 2025-11-03 | Assigner hackerone

Product status

Default status
affected

1.21.17 (semver) before 1.21.17
unaffected

Default status
affected

2.21.23 (semver) before 2.21.23
unaffected

Default status
affected

3.21.27 (semver) before 3.21.27
unaffected

References

community.ui.com/...055/9b65527b-489c-4f16-ac34-2b887754db1e

cve.org (CVE-2025-52663)

nvd.nist.gov (CVE-2025-52663)

Download JSON