CVE-2025-56802

5.1 MEDIUM

📋 TL;DR

The Reolink desktop application uses a predictable AES encryption key to protect user configuration files, allowing attackers with local system access to decrypt sensitive application data stored in %APPDATA%. This affects users of the Reolink desktop application on Windows systems. The vendor disputes the vulnerability, claiming keys are randomly generated per installation.

💻 Affected Systems

Products:
  • Reolink desktop application
Versions: Unknown specific versions - all versions using the vulnerable encryption method
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default configuration. The vendor disputes the vulnerability claim.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers with local access could decrypt configuration files containing sensitive application data, potentially exposing credentials, camera settings, or other private information.

🟠 Likely Case

Malware or malicious users on the same system could access and decrypt Reolink configuration files to gather information about the user's camera setup.

🟢 If Mitigated

With proper access controls and limited local user privileges, the impact is reduced to authorized users only.

🌐 Internet-Facing: LOW - This vulnerability requires local system access and does not directly expose systems to internet-based attacks.
🏢 Internal Only: MEDIUM - Internal users with local access to systems running the vulnerable application could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Proof of concept code is available on GitHub. Exploitation requires local system access to read configuration files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor disputes vulnerability

Restart Required: No

Instructions:

No official patch available. Monitor Reolink updates for security fixes.

🔧 Temporary Workarounds

Restrict local file access (Windows)

Apply strict file permissions to the Reolink configuration directory so that only the current user and SYSTEM can access it. This does not stop code that is already running as that user.

icacls "%APPDATA%\Reolink" /inheritance:r /grant:r "%USERNAME%:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F"

Use application whitelisting (all platforms)

Implement application control policies so that unapproved programs, which could otherwise read the Reolink configuration files, cannot run

🧯 If You Can't Patch

  • Limit user privileges on systems running Reolink application
  • Monitor access to Reolink configuration files in %APPDATA%

🔍 How to Verify

Check if Vulnerable:

Check if Reolink desktop application is installed and examine configuration files in %APPDATA%\Reolink for encrypted data

Check Version:

Check Reolink application version through the application's about dialog or installed programs list

Verify Fix Applied:

Verify that configuration files are no longer encrypted with predictable keys or that new versions use proper encryption

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to Reolink configuration files
  • Failed attempts to access encrypted configuration data

Network Indicators:

  • None - this is a local file system vulnerability

SIEM Query:

EventID=4663 AND ObjectName LIKE '%APPDATA%\Reolink%' AND AccessMask IN ('0x10000', '0x120089')
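
Event 4663 is only written when file-system object-access auditing is enabled and the Reolink folder carries an audit entry (SACL). The following is an added example, not part of the original advisory and not Reolink code: it applies the query's logic to exported events, matching the expanded %APPDATA% path and decoding AccessMask into individual rights. The expected process name `Reolink.exe`, the file name and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# %APPDATA% expands to C:\Users\<user>\AppData\Roaming in the logged ObjectName.
REOLINK_DIR = re.compile(r"\\Users\\[^\\]+\\AppData\\Roaming\\Reolink(\\|$)", re.I)

# File access-right bits carried in the AccessMask field.
ACCESS_BITS = {0x1: "ReadData", 0x2: "WriteData", 0x4: "AppendData", 0x8: "ReadEA",
               0x80: "ReadAttributes", 0x10000: "DELETE", 0x20000: "READ_CONTROL",
               0x100000: "SYNCHRONIZE"}

# Assumption: image names expected to read the config; set this per installation.
EXPECTED_IMAGES = {"reolink.exe"}


def decode_mask(mask_hex):
    """Turn an AccessMask such as '0x120089' into the list of rights it contains."""
    mask = int(mask_hex, 16)
    return [name for bit, name in sorted(ACCESS_BITS.items()) if mask & bit]


def suspicious_reads(events):
    """Return (user, image, path, rights) for data reads by unexpected processes."""
    hits = []
    for ev in events:
        path = ev.get("ObjectName", "")
        if ev.get("EventID") != 4663 or not REOLINK_DIR.search(path):
            continue
        rights = decode_mask(ev.get("AccessMask", "0x0"))
        image = ntpath.basename(ev.get("ProcessName", "")).lower()
        if "ReadData" in rights and image not in EXPECTED_IMAGES:
            hits.append((ev.get("SubjectUserName", ""), image, path, rights))
    return hits


# Constructed sample events; file names and process paths are invented.
CFG = r"C:\Users\alice\AppData\Roaming\Reolink\settings.bin"
SAMPLE_EVENTS = [
    {"EventID": 4663, "SubjectUserName": "alice", "ObjectName": CFG,
     "ProcessName": r"C:\Program Files\Reolink\Reolink.exe", "AccessMask": "0x1"},
    {"EventID": 4663, "SubjectUserName": "alice", "ObjectName": CFG,
     "ProcessName": r"C:\Users\alice\Downloads\tool.exe", "AccessMask": "0x120089"},
    {"EventID": 4663, "SubjectUserName": "alice", "ObjectName": CFG,
     "ProcessName": r"C:\Windows\explorer.exe", "AccessMask": "0x80"},
    {"EventID": 4663, "SubjectUserName": "alice", "AccessMask": "0x1",
     "ObjectName": r"C:\Users\alice\Documents\notes.txt",
     "ProcessName": r"C:\Users\alice\Downloads\tool.exe"},
]
```

Calling `suspicious_reads(SAMPLE_EVENTS)` flags only the read by `tool.exe`; the attribute-only access from `explorer.exe` and the read by the expected process are ignored.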
