CVE-2025-52917
📋 TL;DR
The Yealink RPS API lacks rate limiting, allowing attackers to send excessive requests that could lead to information disclosure. This affects organizations using Yealink VoIP phones with the RPS API exposed. The vulnerability enables potential enumeration of device information through brute-force style attacks.
💻 Affected Systems
- Yealink VoIP Phones with RPS API
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete enumeration of all connected Yealink devices, exposing sensitive configuration data, phone numbers, and network information that could facilitate further attacks.
Likely Case
Partial information disclosure about VoIP phone configurations and network details, potentially revealing internal infrastructure.
If Mitigated
Limited or no information disclosure if proper network segmentation and access controls are implemented.
🎯 Exploit Status
Simple HTTP request flooding can exploit this vulnerability
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025-05-26 or later
Vendor Advisory: https://www.yealink.com/en/trust-center/security-advisories/f8205560a8c7443f
Restart Required: Yes
Instructions:
1. Access Yealink RPS management interface
2. Check current version
3. If before 2025-05-26, update to latest version
4. Restart RPS service
5. Verify update completed successfully
🔧 Temporary Workarounds
Implement Network Rate Limiting
Configure network devices to limit requests to RPS API endpoints
```bash
# Accept at most 10 new TCP connections per minute to the RPS port (limit
# module, default burst 5). --syn restricts both rules to connection attempts,
# so packets of already-established sessions are not throttled or dropped.
iptables -A INPUT -p tcp --dport [RPS_PORT] --syn -m limit --limit 10/minute -j ACCEPT
iptables -A INPUT -p tcp --dport [RPS_PORT] --syn -j DROP
```
Restrict RPS API Access
Limit RPS API access to trusted management networks only
```bash
# Allow the RPS port only from the trusted management network, drop everything else
iptables -A INPUT -p tcp --dport [RPS_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [RPS_PORT] -j DROP
```
🧯 If You Can't Patch
- Implement strict network segmentation to isolate RPS API from untrusted networks
- Deploy web application firewall with rate limiting rules for RPS API endpoints
🔍 How to Verify
Check if Vulnerable:
Check the RPS API version via the web interface or API endpoint. If the version date is before 2025-05-26, the system is vulnerable.
Check Version:
```bash
curl -s http://[RPS_HOST]/api/version | grep 'build_date'
```
Verify Fix Applied:
Verify version shows 2025-05-26 or later. Test rate limiting by sending rapid requests to RPS API endpoints.
📡 Detection & Monitoring
Log Indicators:
- High volume of requests to RPS API endpoints
- Multiple failed authentication attempts to RPS
- Unusual request patterns from single IP addresses
Network Indicators:
- Bursts of HTTP requests to RPS API ports
- Traffic from unexpected sources to RPS endpoints
- Abnormal request rates exceeding normal patterns
SIEM Query:
source="RPS_logs" AND ((request_count > 1000 per minute) OR (src_ip count > 50 per minute))
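As an added example that is not part of the advisory, the following Python script applies the detection logic above to constructed sample log lines: it counts RPS API requests per minute and per source IP and alerts on the same thresholds as the SIEM query, reading the `src_ip count` clause as requests from a single source per minute. The log line format, the `/api/` path prefix and all addresses are assumptions, not Yealink's actual log format.

```python
"""Burst detection over RPS API access logs (added example, defender-side)."""
import re
from collections import Counter

# Assumed log format (constructed, not Yealink's real format):
# "<src_ip> <YYYY-MM-DDTHH:MM:SS> <METHOD> <path> <status>"
LINE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2} "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

def count_requests(lines, path_prefix="/api/"):
    """Count API requests per minute and per (source IP, minute);
    malformed lines and non-API paths are skipped rather than raising."""
    per_minute, per_ip_minute = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m.group("path").startswith(path_prefix):
            continue
        minute = m.group("ts")  # timestamp truncated to the minute
        per_minute[minute] += 1
        per_ip_minute[(m.group("ip"), minute)] += 1
    return per_minute, per_ip_minute

def detect_bursts(lines, total_threshold=1000, per_ip_threshold=50, path_prefix="/api/"):
    """Mirror the advisory's SIEM query: alert when all API requests in one
    minute exceed total_threshold, or one source IP exceeds per_ip_threshold."""
    per_minute, per_ip_minute = count_requests(lines, path_prefix)
    alerts = [("global_burst", minute, n)
              for minute, n in sorted(per_minute.items()) if n > total_threshold]
    alerts += [("single_ip_burst", f"{ip}@{minute}", n)
               for (ip, minute), n in sorted(per_ip_minute.items()) if n > per_ip_threshold]
    return alerts

def build_sample_log():
    """Constructed traffic: two phones checking in normally, one junk line,
    and one host sending 60 requests within a single minute."""
    lines = [
        "192.0.2.10 2025-06-01T10:00:05 GET /api/version 200",
        "192.0.2.11 2025-06-01T10:00:40 GET /api/device 200",
        "192.0.2.10 2025-06-01T10:01:02 GET /api/version 200",
        "not a log line at all",
    ]
    lines += [f"203.0.113.7 2025-06-01T10:01:{s:02d} GET /api/device 401" for s in range(60)]
    return lines

if __name__ == "__main__":
    for alert in detect_bursts(build_sample_log()):
        print(alert)  # one single_ip_burst alert for 203.0.113.7 in minute 10:01
```

Lower the thresholds when you test against your own logs, since normal provisioning traffic volumes vary by deployment size.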