CVE-2025-10643

Critical CVSS: 9.1

Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Wondershare Repairit. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the permissions granted to a storage account token. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26902.

Vendor

Wondershare

Product

Repairit

CWE

CWE-732

Yayın Tarihi

2025-09-17 21:15:37

Güncelleme

2025-09-19 12:59:05

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-732 Repairit CRITICAL Wondershare 2025

Referanslar

https://www.zerodayinitiative.com/advisories/ZDI-25-895/

Benzer Kayıtlar

High

CVE-2019-25344

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executa…

High

CVE-2022-50900

Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary…

High

CVE-2022-50901

Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users…

High

CVE-2022-50903

Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local…

Critical

CVE-2025-10644

Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability a…

High

CVE-2025-5180

A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue…