← Back

CVE-2025-55621

nvd nist
Published: Aug 22, 2025Modified: Oct 2, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 / Impact: 2.5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social platform on which users expect to find one another.

Affected (1)

Products: Reolink: Reolink
Reolink
1 product
Reolink
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Reolink
Version 4.54.0.4.20250526

Related CWEs

CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

Source: cve@mitre.org
ExploitThird Party Advisory

Timeline

No history available yet.