CVE-2025-56800

MEDIUM

Reolink 8.18.12 - Authentication Bypass via Client-Side Lock Screen Password Property

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-56800. PoCs published by adminlove520, shinyColumn.

AI-analyzed exploit summary: The repository contains a functional PoC for CVE-2025-56800, a local authentication bypass vulnerability in Reolink Desktop Application 8.18.12. The exploit modifies client-side JavaScript to bypass the lock screen password check by patching the `get_settings_lock_screen_password` handler.

Description

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable JavaScript property (`a.settingsManager.lockScreenPassword`), an attacker can patch the return value to bypass authentication. NOTE: this is disputed by the Supplier because the lock-screen bypass would only occur if the local user modified his own instance of the application.

Exploits (2)

github WORKING POC 2 stars
by adminlove520 · python · poc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-56800

The repository contains a functional PoC for CVE-2025-56800, a local authentication bypass vulnerability in Reolink Desktop Application 8.18.12. The exploit modifies client-side JavaScript to bypass the lock screen password check by patching the `get_settings_lock_screen_password` handler.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Reolink Desktop Application 8.18.12
No auth needed
Prerequisites: Local file system access to the Reolink application directory
devstral-2 · analyzed Feb 27, 2026

github WORKING POC
by shinyColumn · python · poc
https://github.com/shinyColumn/CVE-2025-56800

The repository contains a functional PoC for CVE-2025-56800, demonstrating a local authentication bypass in Reolink Desktop Application 8.18.12 by patching client-side JavaScript to neutralize the lock screen password check.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Reolink Desktop Application 8.18.12
No auth needed
Prerequisites: Local file system access to modify JavaScript files in the Reolink installation directory
devstral-2 · analyzed May 17, 2026

Scores

CVSS v3: 5.1
EPSS: 0.0022
EPSS Percentile: 12.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-290
Status: published
Products (1): reolink/reolink 8.18.12
Published: Oct 21, 2025
Tracked Since: Feb 18, 2026