CVE-2025-68710
Deferred Deferred - Pending Action
Local Overlay Bypass in Easyelife App Lock

Publication date: 2026-05-26

Last updated on: 2026-05-27

Assigner: MITRE

Description
Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intents - an attacker can evade lockscreen verification and access protected apps (e.g., Chrome), resulting in information disclosure and privilege escalation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2025-68710
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
easyelife app_lock 1.9.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68710 affects Easyelife App lock (also known as Fingerprint, Applock, or locker.app.safe.applocker) version 1.9.2 for Android. The vulnerability allows a local attacker with physical access to bypass the PIN lock because the lockscreen is implemented as an overlay rather than using Android's secure authentication APIs.

An attacker can exploit insecure navigation through exposed interface routes, such as advertisement or browser intents, to navigate cascading interface flows and evade the lockscreen verification. This enables unauthorized access to protected applications like Chrome.

This flaw is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and requires local physical access combined with UI interaction via ad or browser intent routes that bypass the overlay without re-authentication.

Impact Analysis

This vulnerability can lead to unauthorized access to protected applications on the affected device, such as Chrome, by bypassing the PIN lock.

As a result, sensitive information stored or accessible through these apps can be disclosed to an attacker.

Additionally, the attacker may gain elevated privileges within the app environment, leading to privilege escalation.

Detection Guidance

The vulnerability in Easyelife App lock 1.9.2 allows a local attacker with physical access to bypass the PIN lock by exploiting insecure overlay implementation and navigation through advertisement or browser intents. Detection would require physical access to the device and interaction with the app's interface flows.

Since the vulnerability involves UI interaction and overlay bypass rather than network activity, there are no specific network commands or automated detection commands available from the provided information.

To detect the vulnerability manually, one could attempt to access protected apps (e.g., Chrome) on a device running Easyelife App lock 1.9.2 by navigating through advertisement or browser intents to see if the PIN lock can be bypassed.

Mitigation Strategies

Immediate mitigation steps include restricting physical access to devices running Easyelife App lock 1.9.2, as the vulnerability requires local physical access.

Avoid relying solely on this app's PIN lock for securing sensitive applications, since the lock is implemented as an insecure overlay rather than using Android's secure authentication APIs.

Consider uninstalling or disabling the Easyelife App lock 1.9.2 until a patched version is available, or use alternative app locking solutions that properly implement secure authentication.

Compliance Impact

The provided context and resources do not explicitly mention the impact of CVE-2025-68710 on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68710. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart