Authentication Bypass Vulnerability in Reolink Desktop Application
CVE-2025-56800

5.1MEDIUM

Key Information:

Vendor

Reolink

Status
Reolink Desktop Application
Vendor
CVE Published:
21 October 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-56800?

The Reolink desktop application version 8.18.12 has a vulnerability in its local authentication mechanism where the lock screen password logic is implemented on the client side using JavaScript. This creates a potential security risk, as the password can be stored and modified through a JavaScript property, allowing an attacker to bypass authentication processes. The situation is complicated by the supplier's claims that such a bypass would only be feasible if a local user intentionally alters their application instance.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-56800
Created by shinyColumn

References

https://shinycolumn.notion.site/reolink-auth-bypass
https://github.com/shinyColumn/CVE-2025-56800

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability Reserved

JSON
.