CVE-2025-52917 | THREATINT

Description

The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests.

PUBLISHED Reserved 2025-06-21 | Published 2025-06-21 | Updated 2025-07-28 | Assigner mitre

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-770 Allocation of Resources Without Limits or Throttling

Product status

Default status

unaffected

Any version before 2025-05-26

affected

References

support.yealink.com/...edge/show?id=6476e7cd6a27da76bd06a9c9

www.yealink.com/...nter/security-advisories/f8205560a8c7443f

seclists.org/fulldisclosure/2025/Jun/20

dnip.ch/2025/06/25/yealink-voip-phones-insecurity-by-design/

cve.org (CVE-2025-52917)

nvd.nist.gov (CVE-2025-52917)

Download JSON

help @ threatint.eu