Security Advisory

CVE-2025-55621

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-22 00:00:00
Last updated 2025-09-04 14:37:30
Assigner mitre
State PUBLISHED

Description

An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social platform on which users expect to find one another.