PatchSiren


CVE-2025-68710 actuator CVE debrief

CVE-2025-68710 documents a local authentication bypass in Easyelife App lock (also known as Fingerprint, Applock, or locker.app.safe.applocker) version 1.9.2 for Android. The vulnerability was published to the CVE List on 26 May 2026 and last modified the same day. The application's PIN lock mechanism is implemented as an overlay rather than using Android's secure authentication APIs. A local attacker with physical device access can bypass this lock by navigating cascading interface flows, specifically by exploiting insecure navigation through exposed routes that facilitate app control evasion via advertisement or browser intents. Successful exploitation allows access to protected applications such as Chrome, resulting in information disclosure and privilege escalation.

The vulnerability status is currently listed as Deferred in the National Vulnerability Database. No CVSS score or severity rating has been assigned. The vendor is currently identified as Unknown Vendor with low confidence based on reference domain analysis, and this attribution requires review. No known exploitation in ransomware campaigns has been documented, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor: actuator
Product: locker.app.safe.applocker
CVSS: LOW 2.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-26
Original CVE updated: 2026-05-27
Advisory published: 2026-05-26
Advisory updated: 2026-05-27

Who should care

Organizations and individuals relying on Easyelife App lock for application protection on Android devices; mobile device administrators in enterprise environments; security-conscious users requiring physical access controls on shared or unattended Android devices; incident response teams investigating unauthorized access to protected mobile applications

Technical summary

The Easyelife App lock application implements PIN-based application locking using an overlay mechanism rather than Android's secure authentication APIs. This architectural weakness allows a physically present attacker to bypass the lockscreen by exploiting cascading interface navigation flows. The attack vector leverages advertisement intents and browser intents to navigate through exposed routes, effectively evading the overlay-based verification. The vulnerability enables unauthorized access to protected applications, with Chrome specifically mentioned as an example target. The attack requires no specialized tools beyond physical device access and results in both information disclosure (access to protected app data) and privilege escalation (unauthorized execution of protected applications). The vulnerability is classified as Deferred in NVD, indicating pending analysis or vendor coordination.

Defensive priority

medium

Recommended defensive actions

  • Review and uninstall Easyelife App lock (locker.app.safe.applocker) version 1.9.2 from Android devices, particularly in environments requiring physical security controls
  • Implement device-level authentication controls using Android's native secure authentication APIs rather than third-party overlay-based app lockers
  • Apply application control policies to restrict installation of overlay-based security applications that do not leverage Android's secure authentication frameworks
  • Monitor for unauthorized access attempts to protected applications on devices where this app locker was previously deployed
  • Consider alternative mobile device management solutions that enforce authentication at the operating system level rather than application overlay level
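
One way to check devices for the first and third actions above, as an added example that is not part of the advisory or of any vendor tooling: it parses saved `adb shell dumpsys package` output, flags the package and version named here, and lists any other package that requests the overlay permission. The sample dump, the com.example.overlaylock package and the use of SYSTEM_ALERT_WINDOW as an overlay signal are assumptions; the advisory does not state which permissions the app requests.

```python
import re

AFFECTED_PKG = "locker.app.safe.applocker"   # package id from the advisory
AFFECTED_VERSION = "1.9.2"                   # version from the advisory
# Real Android permission for drawing over other apps; a heuristic signal only.
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"

# Constructed `dumpsys package` text; package contents here are hypothetical.
SAMPLE_DUMP = """\
Packages:
  Package [locker.app.safe.applocker] (1a2b3c4):
    versionName=1.9.2
    requested permissions:
      android.permission.INTERNET
  Package [com.example.overlaylock] (5d6e7f8):
    versionName=3.1
    requested permissions:
      android.permission.SYSTEM_ALERT_WINDOW: restricted=true
    install permissions:
      android.permission.INTERNET: granted=true
"""

def parse_packages(dump):
    """Map package name -> {"version", "requested"} from dumpsys package text."""
    pkgs, cur, in_req = {}, None, False
    for raw in dump.splitlines():
        line = raw.strip()
        m = re.match(r"Package \[([^\]]+)\]", line)
        if m:  # start of a new package stanza
            cur, in_req = pkgs.setdefault(m.group(1), {"version": None, "requested": set()}), False
        elif cur is None:
            continue
        elif line.startswith("versionName="):
            cur["version"] = line.split("=", 1)[1]
        elif line.endswith(":"):  # section header; only one section matters here
            in_req = line == "requested permissions:"
        elif in_req and line:  # drop trailing flags such as ": restricted=true"
            cur["requested"].add(line.split(":", 1)[0])
    return pkgs

def audit(dump):
    """Return sorted (package, finding) pairs for one device."""
    out = []
    for name, info in parse_packages(dump).items():
        if name == AFFECTED_PKG:
            out.append((name, "affected" if info["version"] == AFFECTED_VERSION else "review-version"))
        elif OVERLAY_PERM in info["requested"]:
            out.append((name, "overlay-capable"))
    return sorted(out)
```

A "review-version" finding means the package is present at a version other than 1.9.2, which the advisory does not cover either way.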

Evidence notes

Vulnerability description sourced from official CVE record and NVD entry. Technical details regarding overlay implementation and bypass mechanism derived from CVE description. Vendor attribution marked as low confidence requiring review. Timeline dates strictly derived from CVE publishedAt and modifiedAt fields per source corpus.
