Unrated severityNVD Advisory· Published Aug 22, 2025· Updated Sep 4, 2025

CVE-2025-55621

Description

An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social platform on which users expect to find one another.

Affected products

Reolink/Reolinkdescription
Reolink/Reolinkllm-fuzzy
Range: = 4.54.0.4.20250526

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

relieved-knuckle-264.notion.site/Reolink-Download-a-profile-due-to-IDOR-21a43700364280ef9fc1ffb9c484a03emitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000