6.3

CVE-2025-55625

Exploit

EPSS 0.05%
Veröffentlicht 22.08.2025 00:00:00
Zuletzt bearbeitet 26.09.2025 14:05:02
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior that supports redirection to Alexa URLs, which are not guaranteed to remain at the same domain indefinitely.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Reolink ≫ Reolink Version4.54.0.4.20250526 SwPlatformandroid

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.139

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://cwe.mitre.org/data/definitions/601.html

Third Party Advisory

https://relieved-knuckle-264.notion.site/Reolink-Deeplink-Redirect-21b437003642804a865af2fb02942f66

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-55625

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-55625

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-55625

EUVD