CVE-2025-68711
Description
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows (insecure navigation through exposed routes facilitates app control evasion, I.N.T.E.R.F.A.C.E) via advertisement or browser intents, an attacker can evade lockscreen verification and access protected apps (e.g., Chrome). This results in information disclosure and privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
AppLockZ 4.2.11 for Android uses an overlay-based PIN lock that can be bypassed with physical access by navigating through exposed routes and browser intents, leading to information disclosure.
Vulnerability
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) version 4.2.11 for Android implements a PIN lock as an overlay rather than leveraging Android's secure authentication APIs. This design flaw allows the lock to be bypassed. The vulnerability is present in version 4.2.11 as described in the official description and references [1][2].
Exploitation
A local attacker with physical access to the device can bypass the PIN lock by navigating cascading interface flows. Specifically, the attacker can exploit insecure navigation through exposed routes to evade app control, leveraging advertisement or browser intents to circumvent the lockscreen verification and access protected applications (e.g., Chrome). No authentication or special privileges are required beyond physical possession of the unlocked device [1][2].
Impact
Successful exploitation enables the attacker to access protected apps, resulting in disclosure of sensitive information stored within those apps and local privilege escalation. The attacker can bypass the intended access controls of the AppLockZ overlay, compromising the confidentiality and integrity of user data [1][2].
Mitigation
As of the publication date (2026-05-26), no official fix has been disclosed in the available references. The vendor has not released a patched version or provided a workaround. Users should consider alternative app lock solutions that properly use Android's secure authentication APIs until a fix is available [1][2][3].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.