Cyber Resilience

CVE-2025-55637

Critical · Public PoC · RCE

Published: 22 August 2025

Modified: 21 October 2025
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0189 (83.6th percentile)
Risk Priority: 21 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-55637 is a critical-severity Command Injection (CWE-77) vulnerability in Reolink Smart 2K+ Plug-In Wi-Fi Video Doorbell With Chime Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 16.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime firmware version 3.0.0.4662_2503122283 contains a command injection vulnerability in the setddns_pip_system() function. The flaw is tracked as CVE-2025-55637 with a CVSS 3.1 score of 9.8 and is classified under CWE-77, indicating improper neutralization of special elements used in a command.

The vulnerability can be exploited remotely by an unauthenticated attacker over the network. Successful exploitation grants the ability to execute arbitrary commands on the affected device, resulting in full compromise of confidentiality, integrity, and availability.

The EPSS score remains flat at 0.0189 with no observed increase after disclosure. The provided references consist of a CWE definition page and a disclosure note on a Notion site but contain no details on patches or mitigation steps.

Vulnerability details

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function.

CWE(s)

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques? Direct, remote, unauthenticated command injection in a network-exposed device enables exploitation of a public-facing application for arbitrary command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-34267 (shared CWE-77)
CVE-2024-34166 (shared CWE-77)
CVE-2026-30461 (shared CWE-77)
CVE-2025-64093 (shared CWE-77)
CVE-2024-54660 (shared CWE-77)
CVE-2026-26093 (shared CWE-77)
CVE-2026-30352 (shared CWE-77)
CVE-2026-44854 (shared CWE-77)
CVE-2026-3854 (shared CWE-77)
CVE-2024-55062 (shared CWE-77)

Affected Assets

Vendor: reolink
Product: smart 2k+ plug-in wi-fi video doorbell with chime firmware
Version: 3.0.0.4662_2503122283

Mitigating Controls (NIST 800-53 r5) (AI)

prevent · SI-10 (Information Input Validation): Requires validation and sanitization of inputs to the setddns_pip_system() function to directly prevent command injection exploitation.

prevent · AC-3 (Access Enforcement): Enforces access control policies requiring authentication and authorization prior to invoking vulnerable functions, blocking unauthenticated network-based exploits.

prevent: Mandates timely remediation of the identified command injection flaw in the specific firmware version to eliminate the vulnerability.
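As an added illustration of the SI-10 input-validation control against the CWE-77 flaw in setddns_pip_system() described above, not code from Reolink's firmware or from this page: a hypothetical C handler for a DDNS hostname setting that allow-lists the value and passes it to the updater through an argv array, so no shell ever parses it. The function names `ddns_hostname_is_valid` and `ddns_update` and the `ddns-client` binary are assumptions.

```c
#include <ctype.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_HOST 253

/* Allow-list check (hypothetical): labels of [A-Za-z0-9-], 1..63 chars each,
   separated by dots, no leading/trailing hyphen. Shell metacharacters such as
   ; | & $ ` ( ) are rejected by construction, not by a deny-list. */
int ddns_hostname_is_valid(const char *host) {
    size_t len = strlen(host), label = 0;
    if (len == 0 || len > MAX_HOST) return 0;
    for (size_t i = 0; i < len; i++) {
        char c = host[i];
        if (c == '.') {
            /* empty label ("a..b", ".a") or label ending in '-' */
            if (label == 0 || host[i - 1] == '-') return 0;
            label = 0;
            continue;
        }
        if (!(isalnum((unsigned char)c) || c == '-')) return 0;
        if (label == 0 && c == '-') return 0;      /* leading hyphen */
        if (++label > 63) return 0;                /* label too long */
    }
    return label > 0 && host[len - 1] != '-';      /* no trailing dot/hyphen */
}

/* Hardened update path: validate first, then exec the (hypothetical) updater
   with an argv array instead of building a "sh -c" string. Returns the child's
   exit status, or -1 if the input was rejected or the process could not run. */
int ddns_update(const char *host) {
    if (!ddns_hostname_is_valid(host)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = {"ddns-client", "--host", (char *)host, NULL};
        execvp(argv[0], argv);   /* no shell involved: metacharacters are inert */
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```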

References