VYPR
← All advisories
Unrated severityNVD Advisory· Published May 26, 2026· Updated May 26, 2026

CVE-2025-68710

CVE-2025-68710

Description

Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intents - an attacker can evade lockscreen verification and access protected apps (e.g., Chrome), resulting in information disclosure and privilege escalation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Easyelife App lock 1.9.2 for Android allows local attackers to bypass PIN lock via overlay and insecure intents, leading to information disclosure.

Vulnerability

Easyelife App lock (Fingerprint,Applock or locker.app.safe.applocker) version 1.9.2 for Android implements the PIN lock as an overlay instead of using Android's secure authentication APIs [1]. The app has insecure navigation through exposed routes, which allows an attacker to evade the lockscreen via advertisement or browser intents [2].

Exploitation

A local attacker with physical access to the device can trigger cascading interface flows, such as opening an advertisement or browser intent, to bypass the lockscreen verification [2]. This does not require authentication or special privileges beyond physical access.

Impact

Successful exploitation allows the attacker to access protected apps (e.g., Chrome) without entering the PIN, resulting in information disclosure and privilege escalation [2]. The attacker gains access to the same data and functionality as the legitimate user.

Mitigation

As of the publication date, no fixed version has been released. The vendor has not provided a workaround or patch. Users should be cautious about granting the app lock permissions and consider using alternative app lock solutions that leverage Android's secure authentication APIs [3].

References
  1. App lock - Fingerprint,Applock - Apps on Google Play
  2. locker.app.safe.applocker/CVE-2025-68710 at main · actuator/locker.app.safe.applocker
  3. GitHub - actuator/locker.app.safe.applocker

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.