CVE-2025-68708
Local Privilege Escalation in SailingLab AppLock
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| alpha | sailinglab_applock | 4.3.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in SailingLab AppLock 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock.
This happens because the lock is implemented as an overlay rather than using Android's secure authentication APIs.
By navigating through cascading interface flows and exploiting insecure navigation via advertisement or browser intents, an attacker can evade the lockscreen verification.
This enables the attacker to access protected apps such as Chrome without entering the PIN.
How can this vulnerability impact me?
This vulnerability can lead to information disclosure and privilege escalation.
An attacker with physical access can bypass the app lock and gain unauthorized access to protected applications and their data.