Unrated severityNVD Advisory· Published Oct 21, 2025· Updated Oct 22, 2025

CVE-2025-56802

Description

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application.

Affected products

Reolink/Reolink desktop applicationdescription
Reolink/Desktop Applicationllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

shinycolumn.notion.site/reolink-aes-keymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000