PT-2025-44561 · Ubiquiti · Unifi Talk Touch Max+2

Published

2025-10-30

Updated

2025-11-03

CVE-2025-52663

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions UniFi Talk Touch versions 1.21.16 and earlier UniFi Talk Touch Max versions 2.21.22 and earlier UniFi Talk G3 Phones versions 3.21.26 and earlier

Description An issue was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. The API allows invocation of internal debug operations.

Recommendations Update the UniFi Talk Touch to version 1.21.17 or later. Update the UniFi Talk Touch Max to version 2.21.23 or later. Update the UniFi Talk G3 Phones to version 3.21.27 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-489

Related Identifiers

CVE-2025-52663

Affected Products

Unifi Talk G3 Phones

Unifi Talk Touch

Unifi Talk Touch Max

PT-2025-44561 · Ubiquiti · Unifi Talk Touch Max+2

CVE-2025-52663

Weakness Enumeration

Related Identifiers

Affected Products

References · 5