CVE-2025-52917: CWE-770 Allocation of Resources Without Limits or Throttling in Yealink RPS
The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests.
AI Analysis
Technical Summary
CVE-2025-52917 is a medium-severity vulnerability in the Yealink RPS (Redirection and Provisioning Service) API, affecting the service before 2025-05-26. The core issue is that the API enforced no rate limiting or throttling, so a caller could issue an unbounded number of requests. This is CWE-770, Allocation of Resources Without Limits or Throttling. The advisory describes the consequence as information disclosure "via excessive requests" and does not spell out the mechanism; the natural reading is that an unrestricted request volume lets a caller enumerate or guess values the API will look up and return, not that the service leaks data because it is overloaded. Per the CVSS v3.1 vector, the flaw is reachable over the network (AV:N) with low attack complexity (AC:L), requires low privileges (PR:L), in practice a valid API account, needs no user interaction (UI:N), and affects confidentiality only (C:L, I:N, A:N), giving a base score of 4.3 (medium). No exploits in the wild are known, and no vendor advisory or patch link is recorded here; the affected-version statement ("before 2025-05-26") indicates the service was changed on that date. RPS is the Yealink service that points Yealink VoIP phones at their provisioning server, so the data behind the API is the device-to-provisioning-server mapping used to provision and manage those phones.
Potential Impact
For European organizations, this vulnerability poses a moderate risk, especially for enterprises and public sector entities whose telephony runs on Yealink VoIP phones provisioned through RPS. The data RPS holds is what links a phone to its provisioning server, so disclosure could expose configuration details, provisioning data and, where stored there, provisioning credentials; an attacker holding that information is better placed to compromise the telephony estate or to mount targeted attacks such as eavesdropping or impersonation. The CVSS vector records no impact on integrity or availability, so the direct effect is confidentiality loss, which for provisioning data about a workforce's phones can also amount to a personal-data breach under GDPR. The consequences are greatest in sectors such as finance, healthcare, government and critical infrastructure, where confidential voice communication is relied upon.
Mitigation Recommendations
To mitigate this vulnerability, European organizations using Yealink RPS should take the following measures. Note that RPS is consumed as a Yealink-hosted service, so the rate limiting that fixes the root cause has to come from Yealink; the steps below reduce the chance that your own RPS account is the one used to issue excessive requests, and help you notice if it is.
1) Confirm with Yealink support that the RPS instance you use was updated on or after 2025-05-26, the date at which the affected versions end, and apply any further guidance Yealink publishes.
2) Treat RPS API credentials as secrets: restrict them to the provisioning systems and administrators that need them, rotate any that may have been shared, and remove unused accounts, since the flaw requires an authenticated caller (PR:L).
3) Monitor your own use of the API, logging request counts per credential and per source, and alert on volumes or request rates that do not match your provisioning workflow.
4) Where the API is called through your own gateway, proxy or automation, enforce a client-side rate limit and a WAF or gateway rule that blocks bursts and sequential identifier enumeration, so that a compromised script or token cannot be driven at full speed.
5) Segregate the systems that hold RPS credentials from general user networks to reduce exposure.
6) Review provisioning logs regularly for activity that does not correspond to devices you deployed.
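As an added example (not Yealink's code, and not the RPS API's real endpoints or log format), the following Python block shows the two client-side controls the monitoring and rate-limiting steps above call for, run over a constructed request log: a sliding-window limiter of the kind CWE-770 says was missing, and a replay that reports which credential would have been throttled and how many distinct identifiers it touched. The `/api/v1/devices/<id>` path, the `client=`/`src=` log fields, the client names and the MAC-like device identifiers are all assumptions made for the illustration.

```python
# Added example (not Yealink's code): sliding-window rate limiting and burst
# detection replayed over a constructed API request log. The endpoint path,
# log format, client names and MAC-like device IDs are all assumptions.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, Optional

# Constructed log format: "<iso-ts> client=<credential> src=<ip> <METHOD> <path> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) src=(?P<src>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one constructed log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00")).timestamp()
    return {"ts": ts, "client": m["client"], "src": m["src"],
            "path": m["path"], "status": int(m["status"])}


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each key.

    Every accepted request is timestamped, and a request is refused while
    `limit` earlier requests still fall inside the window. Refused requests
    are not recorded, so a client that keeps hammering cannot extend its own
    lock-out indefinitely.
    """

    def __init__(self, limit: int, window: float) -> None:
        self.limit = limit
        self.window = window
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        q = self._hits[key]
        cutoff = now - self.window
        while q and q[0] <= cutoff:      # drop timestamps that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def replay(lines: List[str], limit: int = 20, window: float = 60.0) -> Dict[str, dict]:
    """Replay a log through the limiter in timestamp order and summarise per client.

    `distinct_targets` counts the different paths a client requested; a value
    close to `requests` is the signature of identifier enumeration.
    """
    limiter = SlidingWindowLimiter(limit, window)
    recs = [r for r in map(parse_line, lines) if r is not None]
    recs.sort(key=lambda r: r["ts"])
    stats: Dict[str, dict] = defaultdict(
        lambda: {"requests": 0, "throttled": 0, "targets": set()})
    for r in recs:
        s = stats[r["client"]]
        s["requests"] += 1
        s["targets"].add(r["path"])
        if not limiter.allow(r["client"], r["ts"]):
            s["throttled"] += 1
    return {c: {"requests": v["requests"], "throttled": v["throttled"],
                "distinct_targets": len(v["targets"])} for c, v in stats.items()}


def suspicious_clients(stats: Dict[str, dict], min_throttled: int = 1) -> List[str]:
    """Credentials that would have been throttled at least `min_throttled` times."""
    return sorted(c for c, v in stats.items() if v["throttled"] >= min_throttled)


def _constructed_log() -> List[str]:
    """Constructed sample: one normal provisioning client, one enumerating client."""
    base = datetime(2025, 5, 20, 10, 0, 0, tzinfo=timezone.utc)

    def stamp(t: datetime) -> str:
        return t.isoformat().replace("+00:00", "Z")

    lines = []
    for i in range(3):   # three lookups spread over six minutes
        t = base + timedelta(minutes=3 * i)
        lines.append(f"{stamp(t)} client=prov-eu-01 src=198.51.100.7 "
                     f"GET /api/v1/devices/001565AA00{i:02X} 200")
    for i in range(50):  # fifty sequential device IDs in under thirty seconds
        t = base + timedelta(seconds=0.6 * i)
        lines.append(f"{stamp(t)} client=trial-acct-9 src=203.0.113.5 "
                     f"GET /api/v1/devices/001565{i:06X} 200")
    return lines


SAMPLE_LOG = _constructed_log()

if __name__ == "__main__":
    summary = replay(SAMPLE_LOG)
    for client, s in summary.items():
        print(client, s)
    print("suspicious:", suspicious_clients(summary))
```

With the default limit of 20 requests per 60 seconds, the normal client is never throttled while the enumerating credential is refused 30 of its 50 requests and shows 50 distinct targets for 50 requests; both numbers are what an alert on your own RPS usage should key on. The limit and window are placeholders: set them from the request rate your provisioning workflow actually produces.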
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-21T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68573caff20900b727cae1f2
Added to database: 6/21/2025, 11:13:51 PM
Last enriched: 7/29/2025, 1:00:49 AM
Last updated: 11/21/2025, 3:54:00 PM