CVE Catalog

CVE-2025-66737

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.61%

45th percentile - higher than 45% of all known CVEs

Summary

Yealink T21P_E2 Phone version 52.84.0.15 is vulnerable to directory traversal. A remote attacker with normal privileges can read arbitrary files via a crafted request to the diagnostic component's result read function.

Risk Assessment

An attacker could access sensitive system files such as configurations or credentials, potentially leading to privilege escalation or data leakage.

Recommendation

Immediately update the phone firmware to the latest version available from the vendor and restrict access to the diagnostic interface to trusted networks only.

Original NVD description (English source)

Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS