Cyber Posture

CVE-2025-55637

Critical · Public PoC · RCE

Published: 22 August 2025
Modified: 21 October 2025
KEV Added: not listed
Patch: none listed
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0152 (81.4th percentile)
Risk Priority: 21 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-55637 is a critical-severity Command Injection (CWE-77) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 18.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

SI-10 Information Input Validation (prevent): requires validation and sanitization of inputs to the setddns_pip_system() function, directly preventing command injection.

AC-3 Access Enforcement (prevent): enforces access control policies that require authentication and authorization before vulnerable functions can be invoked, blocking unauthenticated network-based exploitation.

Flaw remediation (prevent): mandates timely remediation of the identified command injection flaw in the affected firmware version to eliminate the vulnerability.
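The first control above (SI-10) calls for validating the input that reaches setddns_pip_system(). As an added illustration written for this page, not Reolink's firmware code (the field name, the helper path and both function names are assumptions), the C snippet below shows the two defensive patterns that control implies: an allowlist check on a DDNS username value, and handing the accepted value to a helper program as a discrete argv entry rather than through a shell command string.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Maximum username length accepted (constructed limit for this example). */
#define DDNS_USER_MAX 64

/* Allowlist validation for a DDNS username field (hypothetical function).
 * Only letters, digits and . _ - @ are accepted; every other byte,
 * including shell metacharacters, whitespace and control characters,
 * causes rejection. Returns true only when the value is safe to pass on. */
bool ddns_username_is_valid(const char *user)
{
    if (user == NULL)
        return false;
    size_t len = 0;
    for (const char *p = user; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-' || c == '@'))
            return false;
        if (++len > DDNS_USER_MAX)
            return false;
    }
    return len > 0;
}

/* Prepare an argv vector for a hypothetical updater binary instead of a
 * shell command string. Passed to an execv()-style API, the username is a
 * single argument and is never interpreted by /bin/sh, so a value that
 * slipped past validation still could not splice in extra commands.
 * Returns the number of arguments placed in argv (excluding the NULL
 * terminator), or 0 when the username fails validation. */
int build_ddns_argv(const char *user, const char *argv[], int argv_cap)
{
    if (argv_cap < 4 || !ddns_username_is_valid(user))
        return 0;
    argv[0] = "/usr/sbin/ddns-update"; /* hypothetical helper path */
    argv[1] = "--user";
    argv[2] = user;
    argv[3] = NULL;
    return 3;
}

int main(void)
{
    /* Constructed sample inputs: one legitimate, three that must be refused. */
    const char *samples[] = { "alice_home", "bad;user", "bad$(user)", "" };
    const char *argv[4];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = build_ddns_argv(samples[i], argv, 4);
        printf("%-12s -> %s\n", samples[i], n ? "accepted" : "rejected");
    }
    return 0;
}
```

The allowlist is deliberately narrow: rejecting everything outside a known-good character set is easier to reason about than trying to enumerate and strip dangerous characters, and building an argv vector removes the shell from the path entirely, so validation and safe invocation reinforce each other rather than relying on one check alone.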

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The flaw is a direct, unauthenticated, remote command injection in a network-exposed device, so exploiting it is an attack on a public-facing application that yields arbitrary command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function.

Deeper analysis [AI-generated]

CVE-2025-55637 is a command injection vulnerability (CWE-77) affecting the Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime running firmware version 3.0.0.4662_2503122283. The flaw resides in the setddns_pip_system() function, which allows injection of malicious commands. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high impact on confidentiality, integrity, and availability.

The vulnerability can be exploited by unauthenticated attackers with network access to the device, requiring low complexity and no user interaction. Successful exploitation enables arbitrary command execution on the underlying system, potentially granting full control over the doorbell device, including access to video feeds, network traffic manipulation, or further compromise of connected networks.

References include the CWE-78 definition (related to OS command injection) at cwe.mitre.org and a detailed advisory on a Notion site describing the Reolink camera command injection via DDNS username. No specific patch or mitigation details are outlined in the provided information.

Details

CWE(s): CWE-77 (Command Injection)

Affected Products

Vendor: reolink
Product: smart 2k+ plug-in wi-fi video doorbell with chime firmware
Version: 3.0.0.4662_2503122283

CVEs Like This One

CVE-2025-24285 (shared CWE-77)
CVE-2025-63406 (shared CWE-77)
CVE-2025-43953 (shared CWE-77)
CVE-2025-64093 (shared CWE-77)
CVE-2026-3854 (shared CWE-77)
CVE-2025-34267 (shared CWE-77)
CVE-2024-57225 (shared CWE-77)
CVE-2026-30352 (shared CWE-77)
CVE-2025-56425 (shared CWE-77)
CVE-2024-55062 (shared CWE-77)

References