Improper Certificate Validation in Yealink YMCS RPS
CVE-2025-52919

Currently unrated

Key Information:

Vendor: Yealink
Status: YMCS RPS
Vendor: CVE Published:; 21 June 2025

What is CVE-2025-52919?

In Yealink's YMCS RPS prior to May 26, 2025, a flaw exists in the certificate upload functionality. The system fails to effectively validate the content of uploaded certificates. This oversight could potentially pave the way for malicious actors to introduce invalid certificates into the system, posing significant risks to security integrity and network operations.

References

https://support.yealink.com/en/portal/knowledge/show?id=6...

https://www.yealink.com/en/trust-center/security-advisori...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2025