CVE-2025-52663
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-12-02
Assigner: HackerOne
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ubiquiti | unifi_talk_touch_max | 2.21.22 |
| ubiquiti | unifi_talk_g3_phones | 3.21.26 |
| ubiquiti | unifi_talk_touch | 1.21.16 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-489 | The product is released with debugging code still enabled or active. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in certain UniFi Talk devices where internal debugging functionality was unintentionally left enabled. An attacker who has access to the UniFi Talk management network could exploit this by invoking internal debug operations through the device API, potentially gaining unauthorized control or information.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker on the management network to perform unauthorized debug operations on affected UniFi Talk devices. This could lead to unauthorized access, manipulation, or disruption of device functionality within the network.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability, update UniFi Talk Touch devices to version 1.21.17 or later, UniFi Talk Touch Max devices to version 2.21.23 or later, and UniFi Talk G3 Phones to version 3.21.27 or later.