CVE-2025-56799

MEDIUM

Reolink 8.18.12 - Command Injection via Crafted Folder Name

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-56799. PoCs published by adminlove520, shinyColumn.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2025-56799, an OS command injection vulnerability in Reolink Desktop Application 8.18.12. The exploit manipulates the cache clearing scheduler to execute arbitrary commands by injecting payloads into the temporary folder path.

Description

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself.

Exploits (2)

github WORKING POC 2 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-56799

View Code ZIP pw:eip

This repository contains a functional PoC for CVE-2025-56799, an OS command injection vulnerability in Reolink Desktop Application 8.18.12. The exploit manipulates the cache clearing scheduler to execute arbitrary commands by injecting payloads into the temporary folder path.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Reolink Desktop Application 8.18.12

No auth needed

Prerequisites: Local file modification access · Chaining with CVE-2025-56801 and CVE-2025-56802 for config decryption

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

github WORKING POC 1 stars

by shinyColumn · pythonpoc

https://github.com/shinyColumn/CVE-2025-56799

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-56799, an OS command injection vulnerability in the Reolink Desktop Application (version 8.18.12). The exploit manipulates the cache clearing scheduler to execute arbitrary commands by injecting malicious folder names into the configuration file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Reolink Desktop Application 8.18.12

No auth needed

Prerequisites: Local file modification access · Chaining with CVE-2025-56801 and CVE-2025-56802 for configuration decryption

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 17, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/shinyColumn/CVE-2025-56799

View Exploit ZIP pw:eip

Exploit, Third Party Advisory

https://shinycolumn.notion.site/reolink-command-injection

Scores

CVSS v3 6.5

EPSS 0.0113

EPSS Percentile 62.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

reolink/reolink 8.18.12

Published Oct 21, 2025

Tracked Since Feb 18, 2026