CVE-2025-55621 — MEDIUM (6.5)

Vulnerability Description

An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social platform on which users expect to find one another.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Reolink	Reolink	4.54.0.4.20250526

Related Weaknesses (CWE)

CWE-639

References

https://relieved-knuckle-264.notion.site/Reolink-Download-a-profile-due-to-IDOR-ExploitThird Party Advisory

FAQ

What is CVE-2025-55621?

CVE-2025-55621 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is...

How severe is CVE-2025-55621?

CVE-2025-55621 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-55621?

Check the references section above for vendor advisories and patch information. Affected products include: Reolink Reolink.