Cyber Resilience

CVE-2025-56799

Severity: Medium · Public PoC

Published: 21 October 2025
Modified: 17 November 2025
KEV Added: not listed
Patch: none listed
CVSS v3.1 score: 6.5 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
EPSS score: 0.0239 (85.4th percentile)
Risk priority: 14 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-56799 is a medium-severity Command Injection (CWE-77) vulnerability in Reolink's Reolink desktop application. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Windows Command Shell (T1059.003). The CVE ranks in the top 14.6% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Vulnerability details

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself.

CWE(s)

CWE-77 Command Injection

Related Threats
MITRE ATT&CK Enterprise Techniques [AI]

T1059.003 Windows Command Shell (Execution): Adversaries may abuse the Windows command shell for execution.
T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

An OS command injection vulnerability in the application's scheduled cache-clearing mechanism allows arbitrary command execution via a crafted folder name in the path: the cleanup invokes the Windows Command Shell (rd /s /q) on Windows and a Unix shell (rm -rf) on macOS with that name in the command line. Because the scheduler runs daily, the injected command executes persistently.
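A hardened cache-clearing routine for the pattern described above, added here as an example and not Reolink's own code (the application's implementation is not on this page): it replaces shelling out to rd /s /q or rm -rf with a path-based delete, allow-lists the folder name, and confines deletion to the cache root. The cache layout, folder names and function names are assumptions.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Assumption: cache entries are sub-folders directly under one cache root.
# Allow-list one path component from a conservative character set, so shell
# metacharacters, separators and ".." never reach any deletion routine.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def is_safe_cache_name(name: str) -> bool:
    """True only for a plain single-component folder name."""
    return _SAFE_NAME.fullmatch(name) is not None


def clear_cache_entry(cache_root: Path, name: str) -> bool:
    """Delete cache_root/name without invoking cmd.exe or sh.

    shutil.rmtree stands in for 'rd /s /q' / 'rm -rf': the name is a path
    argument, never text inside a command line. False = rejected/escaped.
    """
    if not is_safe_cache_name(name):
        return False
    root = cache_root.resolve()
    target = (root / name).resolve()
    # Confinement: after symlink resolution the target must still sit directly
    # inside the cache root.
    if target.parent != root or not target.is_dir():
        return False
    shutil.rmtree(target)
    return True


def clear_all_cache_entries(cache_root: Path) -> list:
    """Scheduled sweep: remove valid entries, return names left in place."""
    refused = []
    for child in sorted(cache_root.iterdir()):
        if child.is_dir() and not clear_cache_entry(cache_root, child.name):
            refused.append(child.name)  # worth logging: unexpected name
    return refused


def demo() -> dict:
    """Constructed sample cache: one benign name, one with a metacharacter."""
    root = Path(tempfile.mkdtemp(prefix="cache-demo-"))
    (root / "thumbs-2025.10").mkdir()
    (root / "odd;name").mkdir()
    refused = clear_all_cache_entries(root)
    result = {"refused": refused,
              "benign_removed": not (root / "thumbs-2025.10").exists(),
              "odd_kept": (root / "odd;name").exists()}
    shutil.rmtree(root)
    return result
```

A refused name is the signal to log and alert on: a cache entry that fails the allow-list was not created by the application's own code path.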

Affected Assets

Vendor: reolink
Product: reolink
Version: 8.18.12

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References