Debugging Functionality Vulnerability in UniFi Talk Devices
CVE-2025-52663

7.3 HIGH

What is CVE-2025-52663?

A vulnerability has been discovered in specific UniFi Talk devices where internal debugging features were unintentionally left enabled. An attacker with access to the management network of UniFi Talk devices could use this to execute internal debugging operations via the device's API. To mitigate this issue, affected users are advised to update their devices to the latest versions: UniFi Talk Touch (1.21.17 or later), UniFi Talk Touch Max (2.21.23 or later), and UniFi Talk G3 Phones (3.21.27 or later).

Affected Version(s)

UniFi Talk G3 Phones 3.21.27

UniFi Talk Touch 1.21.17

UniFi Talk Touch Max 2.21.23

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
