CVE-2025-68710
Local Overlay Bypass in Easyelife App Lock
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| easyelife | app_lock | 1.9.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68710 affects Easyelife App lock (also known as Fingerprint, Applock, or locker.app.safe.applocker) version 1.9.2 for Android. The vulnerability allows a local attacker with physical access to bypass the PIN lock because the lockscreen is implemented as an overlay rather than using Android's secure authentication APIs.
An attacker can exploit insecure navigation through exposed interface routes, such as advertisement or browser intents, to navigate cascading interface flows and evade the lockscreen verification. This enables unauthorized access to protected applications like Chrome.
This flaw is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and requires local physical access combined with UI interaction via ad or browser intent routes that bypass the overlay without re-authentication.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to protected applications on the affected device, such as Chrome, by bypassing the PIN lock.
As a result, sensitive information stored or accessible through these apps can be disclosed to an attacker.
Additionally, the attacker may gain elevated privileges within the app environment, leading to privilege escalation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability in Easyelife App lock 1.9.2 allows a local attacker with physical access to bypass the PIN lock by exploiting insecure overlay implementation and navigation through advertisement or browser intents. Detection would require physical access to the device and interaction with the app's interface flows.
Since the vulnerability involves UI interaction and overlay bypass rather than network activity, there are no specific network commands or automated detection commands available from the provided information.
To detect the vulnerability manually, one could attempt to access protected apps (e.g., Chrome) on a device running Easyelife App lock 1.9.2 by navigating through advertisement or browser intents to see if the PIN lock can be bypassed.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting physical access to devices running Easyelife App lock 1.9.2, as the vulnerability requires local physical access.
Avoid relying solely on this app's PIN lock for securing sensitive applications, since the lock is implemented as an insecure overlay rather than using Android's secure authentication APIs.
Consider uninstalling or disabling the Easyelife App lock 1.9.2 until a patched version is available, or use alternative app locking solutions that properly implement secure authentication.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided context and resources do not explicitly mention the impact of CVE-2025-68710 on compliance with common standards and regulations such as GDPR or HIPAA.