Login Sign Up

CVE-2025-55623

5.4 MEDIUM
Authentication Bypass

📋 TL;DR

This vulnerability allows attackers to bypass the lock screen authentication on Reolink mobile apps by exploiting Android Debug Bridge (ADB) access. It affects users of Reolink v4.54.0.4.20250526 who have ADB enabled on their devices. Attackers with physical or remote ADB access can unlock the app without credentials.

💻 Affected Systems

Products:
  • Reolink mobile application
Versions: v4.54.0.4.20250526
Operating Systems: Android
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when ADB is enabled on the Android device. Most consumer devices have ADB disabled by default.

📦 What is this software?

Reolink by Reolink

View all CVEs affecting Reolink →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain unauthorized access to live camera feeds, recorded footage, and device settings, potentially compromising privacy and security of monitored locations.

🟠

Likely Case

Local attackers with physical device access bypass lock screen to view camera feeds and settings without authorization.

🟢

If Mitigated

With ADB disabled and proper device security controls, impact is limited to physical device compromise scenarios.

🌐 Internet-Facing: LOW - Exploitation requires ADB access which is typically not internet-facing by default.
🏢 Internal Only: MEDIUM - Risk exists if devices have ADB enabled and are accessible on internal networks or physically.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ADB access to the device, which typically needs USB debugging enabled or network ADB configured.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version after v4.54.0.4.20250526

Vendor Advisory: https://relieved-knuckle-264.notion.site/Reolink-App-lock-screen-Bypass-21a437003642804f869fde8535d18a3f?source=copy_link

Restart Required: No

Instructions:

1. Open Google Play Store 2. Search for Reolink app 3. Check for updates 4. Install latest version 5. Verify version is newer than v4.54.0.4.20250526

🔧 Temporary Workarounds

Disable ADB/Developer Options

Android

Turn off Android Debug Bridge access to prevent exploitation vector

Go to Settings > Developer Options > Turn off 'USB debugging' and 'Wireless debugging'

🧯 If You Can't Patch

  • Disable ADB/Developer Options on all Android devices running Reolink app
  • Implement physical security controls to prevent unauthorized device access

🔍 How to Verify

Check if Vulnerable:

Check Reolink app version in app settings. If version is exactly v4.54.0.4.20250526 and ADB is enabled, device is vulnerable.

Check Version:

Open Reolink app > Settings > About > Check version number

Verify Fix Applied:

Update app through Play Store and confirm version is newer than v4.54.0.4.20250526

📡 Detection & Monitoring

Log Indicators:

  • ADB connection attempts to device
  • Reolink app authentication bypass events

Network Indicators:

  • ADB protocol traffic (default port 5555) to Android devices

SIEM Query:

source="android_logs" AND (process="adbd" OR message="*ADB*" OR message="*debugging*")

📊 Metadata

CVE ID: CVE-2025-55623
CVSS v3 Score: 5.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CWE: CWE-288
EPSS Score: 0.04% exploit probability (13.4th percentile)
Published: August 22, 2025
Last Updated: August 28, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-55623, you might also want to check these:

CVE-2024-2973 10.0

This CVE-2024-2973 is an authentication bypass vulnerability affecting Juniper Networks Session Smar...

Same vulnerability type (CWE-288)
CVE-2024-1709 10.0

CVE-2024-1709 is an authentication bypass vulnerability in ConnectWise ScreenConnect that allows att...

Same vulnerability type (CWE-288)
CVE-2024-10081 10.0

CVE-2024-10081 is an authentication bypass vulnerability in CodeChecker that allows attackers to gai...

Same vulnerability type (CWE-288)