CVE-2025-56799
📋 TL;DR
The Reolink desktop application version 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism. An attacker could execute arbitrary commands by crafting a malicious folder name, potentially leading to remote code execution. This primarily affects users running the vulnerable desktop application on their local systems.
💻 Affected Systems
- Reolink Desktop Application
📦 What is this software?
Reolink by Reolink
⚠️ Risk & Real-World Impact
Worst Case
An attacker with local access could execute arbitrary commands with the privileges of the Reolink application user, potentially leading to full system compromise, data theft, or malware installation.
Likely Case
Limited impact since exploitation requires local access and a crafted folder name, making it more relevant for targeted attacks against specific users rather than widespread exploitation.
If Mitigated
With proper user privilege separation and application sandboxing, impact would be limited to the application's context without system-wide compromise.
🎯 Exploit Status
Exploitation requires local access and creation of a specially crafted folder name. Public proof-of-concept exists in the provided GitHub reference.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.18.13 or later
Vendor Advisory: Not provided in references
Restart Required: Yes
Instructions:
1. Open Reolink desktop application.
2. Navigate to Settings > About.
3. Check for updates and install the latest version (8.18.13+).
4. Restart the application after update.
🔧 Temporary Workarounds
Disable scheduled cache clearing
All platforms: Prevent the vulnerable feature from executing by disabling automatic cache cleaning
Restrict folder creation permissions
All platforms: Limit ability to create folders in directories accessible to Reolink application
🧯 If You Can't Patch
- Run Reolink application with minimal user privileges (not as administrator/root)
- Monitor for unusual process creation from Reolink application using endpoint detection tools
🔍 How to Verify
Check if Vulnerable:
Check Reolink application version in Settings > About. If version is exactly 8.18.12, the system is vulnerable.
Check Version:
Check application version in GUI: Settings > About
Verify Fix Applied:
After updating, verify version is 8.18.13 or higher in Settings > About.
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution from Reolink process
- Creation of unexpected folders or files by Reolink application
Network Indicators:
- Outbound connections from Reolink to unexpected destinations
SIEM Query:
Process creation where parent_process contains 'reolink' and command_line contains suspicious patterns like 'cmd', 'powershell', 'bash'
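The SIEM query above, written out as an added Python example (not code from the advisory or from Reolink) that runs over constructed process-creation events. The field names `parent_image`, `image` and `command_line` and all paths are assumptions. It matches on the child executable's name rather than on a substring of the command line, because a substring such as 'cmd' or 'bash' also matches harmless arguments.

```python
import json
import ntpath

# Interpreter names taken from the page's SIEM query.
SHELLS = {"cmd", "powershell", "bash"}

# Constructed process-creation events, one JSON object per line. The field
# names (parent_image, image, command_line) and all paths are assumptions.
SAMPLE_LOG = r'''
{"parent_image": "C:\\Program Files\\Reolink\\Reolink.exe", "image": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd.exe /c echo constructed-sample"}
{"parent_image": "C:\\Program Files\\Reolink\\Reolink.exe", "image": "C:\\Program Files\\Reolink\\Reolink.exe", "command_line": "Reolink.exe constructed-arg-mentioning-bash"}
{"parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "command_line": "powershell.exe"}
{"parent_image": "/opt/reolink/reolink", "image": "/usr/bin/bash", "command_line": "bash -c true"}
not-json: truncated record
'''

def exe_name(path):
    """Lower-cased executable name without directory or .exe suffix."""
    name = ntpath.basename(str(path or "")).lower()  # splits on both \ and /
    return name[:-4] if name.endswith(".exe") else name

def is_suspicious(event):
    """True when a Reolink process is the parent of a shell interpreter."""
    parent = exe_name(event.get("parent_image"))
    child = exe_name(event.get("image"))
    return "reolink" in parent and child in SHELLS

def scan(lines):
    """Return the events that match; skip blank and unparseable lines."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and is_suspicious(event):
            hits.append(event)
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit["parent_image"], "->", hit["image"], "|", hit["command_line"])
```

The second sample event has a Reolink parent and 'bash' in its command line but is not flagged, since the child process is not a shell.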