"Successful exploitation of the two flaws can allow an attacker to circumvent authentication protection on the system and launch a supply chain attack, ultimately resulting in the execution of arbitrary code on customers' endpoints. Trend Micro researchers Alfredo Oliveira and David Fiser said the AI-powered data repair and photo editing application "contradicted its privacy policy by collecting, storing, and, due to weak Development, Security, and Operations (DevSecOps) practices, inadvertently leaking private user data.""
"The poor development practices include embedding overly permissive cloud access tokens directly in the application's code that enables read and write access to sensitive cloud storage. Furthermore, the data is said to have been stored without encryption, potentially opening the door to wider abuse of users' uploaded images and videos. To make matters worse, the exposed cloud storage contains not only user data but also AI models, software binaries for various products developed by Wondershare, container images, scripts, and company source code,"
Two critical authentication-bypass vulnerabilities were found in Wondershare RepairIt: CVE-2025-10643 (CVSS 9.1) and CVE-2025-10644 (CVSS 9.4), tied to storage account and SAS token permissions. Successful exploitation can bypass authentication, enable supply-chain attacks, and permit arbitrary code execution on customer endpoints. The application embedded overly permissive cloud access tokens in its code and stored uploaded images, videos, AI models, software binaries, container images, scripts, and source code without encryption. Exposed AI models and executables can be modified, allowing attackers to tamper with models and compromise downstream customers and partners.
#authentication-bypass #data-leak #supply-chain-attack #cloud-token-misconfiguration #ai-model-tampering
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]