CVE-2025-56801

5.1 MEDIUM

📋 TL;DR

The Reolink Desktop Application uses predictable initialization vectors in its AES-CFB encryption, potentially allowing attackers with local access to decrypt sensitive configuration data. This affects users of the vulnerable version who have the application installed on their systems. The vendor disputes the hardcoded nature, claiming IVs are randomly generated per installation.

💻 Affected Systems

Products:
  • Reolink Desktop Application
Versions: 8.18.12
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the specified version are affected according to the CVE description, though the vendor disputes the vulnerability's existence.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers decrypt stored credentials, API keys, or other sensitive configuration data, leading to unauthorized access to Reolink camera systems or other integrated services.

🟠 Likely Case

Local attackers extract and decrypt configuration files to gain insights into system setup or potentially recover stored credentials.

🟢 If Mitigated

With proper access controls, only authorized users can access the application environment, limiting exposure to trusted personnel.

🌐 Internet-Facing: LOW - This requires local access to the application environment; not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Internal attackers with access to the system could exploit this to decrypt sensitive configuration data.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to encrypted configuration files and understanding of the AES-CFB implementation; proof-of-concept code is available in the GitHub reference.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: NONE

Restart Required: No

Instructions:

Check for updates from Reolink; if a patched version is released, upgrade to it. Currently, no official fix is documented.

🔧 Temporary Workarounds

Restrict Local Access (applies to: all)

Limit physical and logical access to systems running the vulnerable application to trusted users only.

Monitor Configuration Files (applies to: all)

Implement file integrity monitoring on Reolink configuration files to detect unauthorized access attempts.

🧯 If You Can't Patch

  • Uninstall the vulnerable version if not required.
  • Isolate the application on a dedicated system with strict access controls.

🔍 How to Verify

Check if Vulnerable:

Check the application version in the settings or via the 'About' menu; if the version is 8.18.12, it is vulnerable.

Check Version:

Check within the Reolink Desktop Application UI under Help > About or similar menu.

Verify Fix Applied:

Upgrade to a version later than 8.18.12 and verify the IV generation uses cryptographically secure random values.
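
Why a repeated IV matters in CFB, and a black-box check for it, as an added example (not code from Reolink, the CVE record, or the referenced PoC). Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for the AES block function so the script needs only the standard library, the two configuration blobs are constructed, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # AES block size in bytes

def prf_block(key: bytes, block: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 16 bytes stands in for AES block
    # encryption. CFB only uses the forward direction, so the mode behaves the same.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Full-block CFB: keystream = E(previous ciphertext block), starting from the IV."""
    out, feedback = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        keystream = prf_block(key, feedback)
        feedback = bytes(p ^ k for p, k in zip(plaintext[i:i + BLOCK], keystream))
        out += feedback
    return bytes(out)

def shared_prefix_len(a: bytes, b: bytes) -> int:
    # Index of the first differing byte, or the shorter length if none differ.
    return next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), min(len(a), len(b)))

def iv_reuse_suspected(ciphertexts, min_prefix: int = 4) -> bool:
    """True if any two ciphertexts start with the same min_prefix bytes.
    With a fresh random IV per encryption this happens with probability ~2**-32 per pair."""
    heads = [c[:min_prefix] for c in ciphertexts if len(c) >= min_prefix]
    return len(heads) != len(set(heads))

# Constructed sample data, not taken from any real configuration file.
KEY = bytes(range(32))
CFG_A = b'{"user":"admin","host":"cam-01.example"}'
CFG_B = b'{"user":"admin","host":"cam-02.example"}'

def encrypt_pair(fixed_iv: bool):
    iv = bytes(BLOCK)  # the same IV for every encryption when fixed_iv is set
    return [cfb_encrypt(KEY, iv if fixed_iv else secrets.token_bytes(BLOCK), p)
            for p in (CFG_A, CFG_B)]

if __name__ == "__main__":
    for fixed in (True, False):
        a, b = encrypt_pair(fixed)
        print(fixed, shared_prefix_len(a, b), iv_reuse_suspected([a, b]))
```

With a fixed IV the two ciphertexts agree for exactly as many leading bytes as the plaintexts do, so repeated ciphertext prefixes across saved configurations indicate IV reuse without needing the key.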

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to Reolink configuration files
  • Failed decryption attempts in application logs

Network Indicators:

  • N/A - This is a local vulnerability not involving network exploitation

SIEM Query:

Search for file access events on Reolink configuration paths (e.g., on Windows: %APPDATA%\Reolink\config files)
