Information Disclosure Vulnerability in Yealink YMCS RPS API
CVE-2025-52917

4.3MEDIUM

Key Information:

Vendor: Yealink
Status: Rps
Vendor: CVE Published:; 21 June 2025

What is CVE-2025-52917?

The Yealink YMCS RPS API prior to May 2025 lacks adequate rate limiting measures, potentially allowing attackers to exploit this weakness. Through excessive requests, unauthorized users could gain access to sensitive information, raising serious concerns regarding data security and privacy. It is advisable for users and administrators to review their API usage and implement necessary security measures to protect against potential data leakage.

Affected Version(s)

RPS 0 < 2025-05-26

References

https://support.yealink.com/en/portal/knowledge/show?id=6...

https://www.yealink.com/en/trust-center/security-advisori...

https://seclists.org/fulldisclosure/2025/Jun/20

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2025