Ubiquiti UniFi Talk Devices Internal Debugging Vulnerability Allowing API Exploitation

Vulnerability

A vulnerability exists in certain UniFi Talk devices, including the UniFi Talk Touch, UniFi Talk Touch Max, and UniFi Talk G3 Phones, where internal debugging features were unintentionally left active. This could enable an attacker with access to the UniFi Talk management network to use internal debug functions via the device API. The vulnerability affects UniFi Talk Touch versions through 1.21.16, UniFi Talk Touch Max versions through 2.21.22, and UniFi Talk G3 Phones versions through 3.21.26.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of internal debug operations on the affected devices.

Remediation

Users can update to UniFi Talk Touch version 1.21.17 or later, UniFi Talk Touch Max version 2.21.23 or later, and UniFi Talk G3 Phones version 3.21.27 or later.
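
The check below is an added example, not part of the original advisory or of Ubiquiti's tooling: it audits a device inventory against the first fixed firmware version for each affected model. The CSV layout, the device names and the "Example Switch" row are constructed assumptions. Versions are compared numerically, because a string comparison would rank 1.21.9 above 1.21.17.

```python
import csv
import io

# First fixed firmware per model, taken from the advisory's remediation text.
FIXED = {
    "UniFi Talk Touch": (1, 21, 17),
    "UniFi Talk Touch Max": (2, 21, 23),
    "UniFi Talk G3 Phones": (3, 21, 27),
}

# Constructed sample inventory; the columns (name,model,firmware) are an assumption.
SAMPLE_INVENTORY = """name,model,firmware
lobby-phone,UniFi Talk Touch,1.21.9
exec-phone,UniFi Talk Touch Max,2.21.23
lab-phone,UniFi Talk G3 Phones,3.21.26
desk-14,UniFi Talk Touch,1.21.17
desk-15,UniFi Talk Touch Max,unknown
core-sw,Example Switch,4.1.0
"""


def parse_version(text):
    """Return a tuple of ints for 'X.Y.Z', or None if the string is not purely numeric."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(model, firmware):
    """Return 'vulnerable', 'patched', 'review' (unparseable version) or 'not-listed'."""
    fixed = FIXED.get(model.strip())
    if fixed is None:
        return "not-listed"  # model is not named in the advisory
    version = parse_version(firmware)
    if version is None:
        return "review"  # do not assume patched when the version is unknown
    return "patched" if version >= fixed else "vulnerable"


def audit(csv_text):
    """Map each device name in the inventory to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["name"]: classify(r["model"], r["firmware"]) for r in rows}


if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```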

Added: Oct 31, 2025, 12:29 AM
Updated: Oct 31, 2025, 12:29 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 4.9
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.