CVE-2025-10643
Published 2025-09-17
CVE-2025-10643: Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication…
Priority: P2 · 73 · critical · 9.1 CVSS 3.0
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 2.82% (84.8th percentile)
Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Wondershare Repairit. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the permissions granted to a storage account token. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26902.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wondershare | repairit | — | — |
Detection & IOCs (extracted from sources)
- Search for hardcoded cloud storage credentials (access ID and secret key) embedded within the Wondershare Repairit compiled binary executable — look for cloud object storage identifiers, API endpoints, secret access ID/key strings, and bucket names in the binary
- Inspect the Wondershare Repairit compiled binary for hardcoded read/write cloud storage credentials — the same token grants both read and write access to the bucket and is present in the binary
- Monitor for unexpected downloads of AI model zip files from cloud storage buckets by the Wondershare Repairit binary — the binary is configured with a specific bucket address and AI model zip file name and automatically retrieves and executes AI models from the cloud storage
- Alert on Wondershare Repairit uploading or retaining user photos/videos to cloud storage, contradicting its stated privacy policy of not storing user data
- Detect potential supply chain compromise by monitoring for replacement or modification of AI models, configuration files, or signed executables in the Wondershare cloud storage bucket — attackers with the hardcoded credentials could replace legitimate content with malicious payloads
- No specific credential values, bucket names, domain names, IPs, hashes, or URLs were published verbatim in the sources — the exact hardcoded access ID, secret key, bucket name, and API endpoint strings are only visible in the binary itself (shown in figures not reproduced as text)
- The vulnerability affects the permissions granted to a storage account token embedded in the Wondershare Repairit binary; no patched version or specific affected version range is stated in the available sources
- CVE-2025-10643 is paired with CVE-2025-10644 — both were disclosed on September 17, 2025 via Trend ZDI (ZDI-CAN-26902); full technical details including exact credential strings were withheld from public sources
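One way a bucket owner could implement the replacement/modification monitoring described in the detection list above, as an added example (not code from the sources or the vendor): it diffs the current object inventory against digests recorded at release time and reports changes to models, configuration files and executables. The object names, the suffix-to-class mapping and the `{key: sha256}` snapshot format are assumptions.

```python
import hashlib
from pathlib import PurePosixPath

# Object classes the detection item names as tampering targets.
# The suffix mapping is an assumption; adjust it to the bucket's real layout.
WATCHED = {".zip": "ai-model", ".json": "config", ".ini": "config",
           ".exe": "executable", ".dll": "executable"}

def classify(key):
    """Return the watched class for an object key, or None if out of scope."""
    return WATCHED.get(PurePosixPath(key).suffix.lower())

def diff_inventory(baseline, current):
    """Compare two {object_key: sha256_hex} snapshots, return sorted findings."""
    findings = []
    for key in sorted(set(baseline) | set(current)):
        kind = classify(key)
        if kind is None:
            continue  # e.g. user uploads, which change legitimately
        old, new = baseline.get(key), current.get(key)
        if old is None:
            findings.append(("ADDED", kind, key))      # not part of any release
        elif new is None:
            findings.append(("REMOVED", kind, key))
        elif old != new:
            findings.append(("MODIFIED", kind, key))   # same name, new content
    return findings

def digest(data):
    return hashlib.sha256(data).hexdigest()

# Constructed sample snapshots (hypothetical names, not real bucket contents).
BASELINE = {
    "models/enhance_v3.zip": digest(b"model-v3"),
    "config/update.json": digest(b'{"model": "enhance_v3.zip"}'),
    "installers/setup.exe": digest(b"signed-installer"),
    "uploads/user123/photo.jpg": digest(b"jpeg"),
}
CURRENT = {
    "models/enhance_v3.zip": digest(b"model-v3-changed"),
    "config/update.json": digest(b'{"model": "enhance_v3.zip"}'),
    "models/extra.zip": digest(b"unknown"),
    "uploads/user123/photo.jpg": digest(b"jpeg-2"),
}

if __name__ == "__main__":
    for status, kind, key in diff_inventory(BASELINE, CURRENT):
        print(f"{status:8} {kind:10} {key}")
```

The baseline has to be written by the release pipeline and stored outside the bucket it describes, since a token with write access to the bucket could otherwise rewrite both.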
No detection rules found.
No public exploits indexed.
Trendmicro
AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks
blogs_trendmicro·2025-09-23
## AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks
Trend™ Research’s analysis of Wondershare RepairIt reveals how the AI-driven app exposed sensitive user data due to unsecure cloud storage practices and hardcoded credentials, creating risks of model tampering and supply chain attacks.
By: Alfredo Oliveira, David Fiser, 2025/09/23
Our analysis found that poor DevSecOps practices led to an overly permissive cloud access token being embedded within the application’s source code. This token exposed sensitive information stored in the cloud storage bucket. Furthermore, the data was stored without encryption; this made it accessible to anyone with basic technical knowledge, who could subsequently download
## Key takeaways
- An AI-powered application for enhancing images and videos named Wondershare RepairIt may have inadvertently contradicted its privacy policy by collecting and retaining sensitive user photos. Poor Development, Security, and Operations (DevSecOps) practices allowed overly permissive cloud access tokens to be embedded in the application’s code.
- The hardcod
Published: 2025-09-17