CVE-2025-52663

HIGH

UniFi Talk <1.21.16, <2.21.22, <3.21.26 - RCE

Title source: llm

Description

A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products: UniFi Talk Touch (Version 1.21.16 and earlier) UniFi Talk Touch Max (Version 2.21.22 and earlier) UniFi Talk G3 Phones (Version 3.21.26 and earlier) Mitigation: Update the UniFi Talk Touch to Version 1.21.17 or later. Update the UniFi Talk Touch Max to Version 2.21.23 or later. Update the UniFi Talk G3 Phones to Version 3.21.27 or later.

References (1)

[Release Notes] https://community.ui.com/releases/Security-Advisory-Bulletin-055-055/9b65527b-489c-4f16-ac34-2b887754db1e

Scores

CVSS v3 7.3

EPSS 0.0008

EPSS Percentile 22.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-489

Status draft

Timeline

Published Oct 31, 2025

Tracked Since Feb 18, 2026