CVE-2025-10644

Critical CVSS: 9.4

Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain attack and execute arbitrary code on customers' endpoints. Was ZDI-CAN-26892.

Vendor

Wondershare

Product

Repairit

CWE

CWE-266

Yayın Tarihi

2025-09-17 21:15:37

Güncelleme

2025-09-19 12:58:57

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-266 Repairit CRITICAL Wondershare 2025

Referanslar

https://www.zerodayinitiative.com/advisories/ZDI-25-896/

Benzer Kayıtlar

High

CVE-2019-25344

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executa…

High

CVE-2022-50900

Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary…

High

CVE-2022-50901

Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users…

High

CVE-2022-50903

Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local…

Critical

CVE-2025-10643

Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remo…

High

CVE-2025-5180

A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue…