Primary

Context

Yealink YMCS RPS API Rate Limiting Vulnerability

Vulnerability

A vulnerability exists in the Yealink YMCS RPS API prior to May 26, 2025, due to a lack of rate limiting. This absence of controls could allow for information disclosure by exploiting excessive requests.

Impact

The vulnerability could lead to information disclosure through the exploitation of excessive requests, potentially causing a denial-of-service condition by overwhelming the server with traffic.

Remediation

Yealink has patched this vulnerability by implementing rate limiting controls for sensitive APIs in the YMCS RPS platform. The security update was released on May 26, 2025, and has been automatically deployed to all YMCS cloud service instances.

Added: Jun 21, 2025, 11:20 PM

Updated: Jun 22, 2025, 12:23 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Yealink YMCS RPS API Rate Limiting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating