shinyColumn/CVE-2025-56799

Releases0

Stars1

OS Command Injection Vulnerability via Cache Clearing Scheduler in Reolink Desktop Application

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-56799 ↗	Oct 21, 2025Tuesday, 21 October 2025, 19:21	6.5 MEDIUM	—
Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself.