CVE-2025-52663

HIGH

UniFi Talk <1.21.16, <2.21.22, <3.21.26 - RCE

Title source: llm

Description

A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products: UniFi Talk Touch (Version 1.21.16 and earlier) UniFi Talk Touch Max (Version 2.21.22 and earlier) UniFi Talk G3 Phones (Version 3.21.26 and earlier) Mitigation: Update the UniFi Talk Touch to Version 1.21.17 or later. Update the UniFi Talk Touch Max to Version 2.21.23 or later. Update the UniFi Talk G3 Phones to Version 3.21.27 or later.

References (1)

[Release Notes] https://community.ui.com/releases/Security-Advisory-Bulletin-055-055/9b65527b-489c-4f16-ac34-2b887754db1e

Scores

CVSS v3 7.3

EPSS 0.0006

EPSS Percentile 17.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-489

Status published

Products (3)

Ubiquiti Inc/UniFi Talk G3 Phones 3.21.27

Ubiquiti Inc/UniFi Talk Touch 1.21.17

Ubiquiti Inc/UniFi Talk Touch Max 2.21.23

Published Oct 31, 2025

Tracked Since Feb 18, 2026