CVE Number: CVE-2025-52916
DATE PUBLISHED: 2025-06-10
DATE UPDATED: 2025-07-11
Please Note:
Yealink takes the security of our customers and our products seriously. This is a living document and may be subject to updates.
Vulnerability Summary
RPS lacks SN verification attempt limits, enabling brute-force enumeration.
Vulnerability CVSS
CVSS Severity: LOW
CVSS Score: 2.2
CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Product Affected
Product Family and Model | Affected | Fixed |
RPS | Prior to 2025-06-04 | Patched on 2025-06-04 |
Resolution Measures
Yealink RPS has implemented enhanced security measures for SN verification, including IP blocking for repeated failed attempts to prevent further exploitation.Yealink released a security update on June 4, 2025, which has been automatically deployed to all cloud service instances.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-52916
Feedback
For any customers using affected systems who are concerned about this vulnerability in their deployment, please reach out to Yealink technical support for the latest information by visiting Yealink Support. You can also find additional advanced security guidance and helpful content by searching in the Security News section of the Technical Support Center Yealink Support.