CVE-2025-52919 | THREATINT

Description

In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded.

PUBLISHED Reserved 2025-06-21 | Published 2025-06-21 | Updated 2025-07-28 | Assigner mitre

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status

unaffected

Any version before 2025-05-26

affected

References

support.yealink.com/...edge/show?id=6476e7cd6a27da76bd06a9c9

www.yealink.com/...nter/security-advisories/ecb16a4993014d22

seclists.org/fulldisclosure/2025/Jun/20

dnip.ch/2025/06/25/yealink-voip-phones-insecurity-by-design/

cve.org (CVE-2025-52919)

nvd.nist.gov (CVE-2025-52919)

Download JSON