CVE-2025-10643
published 2025-09-17

CVE-2025-10643: Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability

Priority: P273
Severity: critical (CVSS 3.0 base score 9.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 2.82% (84.8th percentile)
Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to a storage account token. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26902.

Affected

1 range

Vendor       Product    Version range   Fixed in
wondershare  repairit   (not stated)    (not stated)

Detection & IOCs (extracted from sources)

  • Search the Wondershare Repairit compiled binary for hardcoded cloud storage credentials (access ID and secret key): look for object-storage identifiers, API endpoints, access ID and secret key strings, and bucket names among the binary's embedded strings.
  • Check the scope of the embedded storage token: the sources state that the same token grants both read and write access to the bucket, so the credential exposure is not limited to data disclosure.
  • Monitor for the Repairit binary downloading AI model zip files from cloud storage buckets: the binary is built with a specific bucket address and AI model zip file name and automatically retrieves and executes AI models from that storage.
  • Alert on Repairit uploading or retaining user photos and videos in cloud storage; the sources note this contradicts the product's stated privacy policy of not storing user data.
  • Watch for replacement or modification of AI models, configuration files, or signed executables in the Wondershare cloud storage bucket: an attacker holding the hardcoded credentials could replace legitimate content with malicious payloads (supply-chain compromise).
  • No credential values, bucket names, domain names, IPs, hashes, or URLs were published verbatim in the sources; the exact hardcoded access ID, secret key, bucket name, and API endpoint strings are only visible in the binary itself (shown in figures that were not reproduced as text).
  • The vulnerability lies in the permissions granted to a storage account token embedded in the Repairit binary; no patched version or specific affected version range is stated in the available sources.
  • CVE-2025-10643 is paired with CVE-2025-10644; both were disclosed on September 17, 2025 via Trend ZDI (this CVE was ZDI-CAN-26902), and full technical details, including the exact credential strings, were withheld from public sources.
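The first two detection items above amount to a strings-level triage of the shipped executable. The following is an added example of that triage, written for this page; it is not code from the advisory, Trend ZDI, or Wondershare, and the real Repairit strings are not public. It extracts printable strings from a binary and flags access-ID prefixes, high-entropy tokens that sit next to credential keywords, object-storage endpoints, bucket names and model archive filenames. The regexes, the keyword list, the entropy threshold and SAMPLE_BINARY are all assumptions chosen for illustration.

```python
"""Triage a compiled binary for embedded object-storage credentials.

Added example, not code from the advisory, Trend ZDI or Wondershare.
Regexes, keywords, ENTROPY_MIN and SAMPLE_BINARY are assumptions.
"""
import math
import re
from collections import Counter

PRINTABLE = re.compile(rb"[\x20-\x7e]{8,}")  # runs of >= 8 printable ASCII bytes
# Access-ID prefixes used by common object-storage providers (assumed heuristic).
ACCESS_ID = re.compile(r"\b(?:AKIA|ASIA|LTAI|AKID)[A-Za-z0-9]{12,}\b")
# Hostnames that look like object-storage endpoints, optional scheme and path.
STORAGE_HOST = re.compile(
    r"(?:https?://)?[a-z0-9.-]*(?:s3|oss|cos|obs|blob|storage)[a-z0-9.-]*"
    r"\.[a-z]{2,}(?:/[\w./-]*)?", re.I)
BUCKET = re.compile(r"bucket[\s:=\"']+([a-z0-9][a-z0-9.-]{2,62})", re.I)
MODEL_ARCHIVE = re.compile(r"[\w./-]+\.zip\b")
CRED_KEYWORDS = ("accesskey", "access_key", "secretkey", "secret_key", "token")
SECRET_TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{20,64}")
ENTROPY_MIN = 4.5  # bits per char; assumed cut-off for base64-like secrets


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def extract_strings(blob: bytes) -> list[str]:
    """Same idea as `strings -n 8` over the raw file bytes."""
    return [m.group().decode("ascii") for m in PRINTABLE.finditer(blob)]


def looks_like_secret(s: str) -> bool:
    """High-entropy, charset-restricted token that is not itself an access ID."""
    return (bool(SECRET_TOKEN.fullmatch(s)) and not ACCESS_ID.fullmatch(s)
            and shannon_entropy(s) >= ENTROPY_MIN)


def scan_binary(blob: bytes) -> dict[str, list[str]]:
    strings = extract_strings(blob)
    f: dict[str, list[str]] = {"access_ids": [], "secrets": [], "endpoints": [],
                               "buckets": [], "model_archives": []}
    for i, s in enumerate(strings):
        f["access_ids"] += ACCESS_ID.findall(s)
        f["endpoints"] += [m.group() for m in STORAGE_HOST.finditer(s)]
        f["buckets"] += BUCKET.findall(s)
        f["model_archives"] += MODEL_ARCHIVE.findall(s)
        # A credential keyword followed (within the next two strings) by a
        # high-entropy token is how a hard-coded key/secret pair usually shows
        # up in a strings dump, because the field name and value sit together.
        if any(k in s.lower() for k in CRED_KEYWORDS):
            f["secrets"] += [t for t in strings[i + 1:i + 3] if looks_like_secret(t)]
    return {k: sorted(set(v)) for k, v in f.items()}


def credentials_embedded(findings: dict[str, list[str]]) -> bool:
    """True when both halves of a static credential are present in the binary."""
    return bool(findings["access_ids"]) and bool(findings["secrets"])


# Constructed stand-in for an executable; every value below is made up.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16
    + b"AccessKeyId\x00"
    + b"AKIAEXAMPLE0123456789\x00"                      # fake access ID
    + b"\x90\x90\xcc"
    + b"SecretAccessKey\x00"
    + b"xK9mQ2vLp7Rt4Wz8Yb3Nc6Hj5Fd1Ga0Se+Tu/Vw=\x00"   # fake secret
    + b"https://repair-models-example.s3.example-region.amazonaws.com/\x00"
    + b"bucket=repairit-example-bucket\x00"
    + b"ai_models/video_repair_v2.zip\x00"
    + b"\x00" * 8 + b"Some unrelated text in the binary\x00"
)

if __name__ == "__main__":
    import json
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BINARY
    found = scan_binary(data)
    print(json.dumps(found, indent=2))
    print("static credentials embedded:", credentials_embedded(found))
```

Run it against a real installer or unpacked executable with `python triage.py path/to/binary`; with no argument it scans the constructed sample. The prefix and entropy heuristics will produce false positives on packed or obfuscated binaries, so treat a hit as a lead for manual confirmation, and confirm the token's effective permissions (read versus read/write on the bucket) with the provider's IAM tooling rather than from the binary alone.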