Wondershare RepairIt critical authentication bypass flaws (multiple vulnerabilities)
Vulnerability
Summary
Wondershare RepairIt contains two critical authentication bypass flaws that can let attackers defeat storage account token and SAS token permission checks, creating risk of arbitrary code execution on customers' endpoints. The issues are tracked as CVE-2025-10643 and CVE-2025-10644, and researchers warned they could also enable AI model tampering and supply chain attacks. No vendor fix had been issued at disclosure time, so the immediate concern was the exposed attack surface around the product's cloud-backed components.
Related Happenings
CISA KEV remediation order for five exploited Apple, Craft CMS, and Laravel Livewire flaws
Advisory/Mitigation
First: 21.03.2026 10:25
Last: 21.03.2026 10:25
Sources 1
About this happening:
**CISA** added **five exploited flaws** affecting **Apple**, **Craft CMS**, and **Laravel Livewire** to the **KEV catalog**, creating an urgent remediation requirement for federal...
Ivanti Endpoint Manager unpatched RCE and privilege-escalation flaws deserialization flaw
Vulnerability
First: 10.10.2025 12:45
Last: 10.10.2025 12:45
Sources 1
About this happening:
ZDI disclosed **13 unpatched flaws** in **Ivanti Endpoint Manager**, including a **local privilege-escalation bug** and **12 RCE issues** that can expose affected deployments to *...
Timeline
24.09.2025 16:55 2 articles · 8mo ago
Initial report: Wondershare RepairIt critical authentication bypass flaws authentication bypass flaw (multiple vulnerabi
Initial Disclosure
Trend Micro identified **CVE-2025-10643** and **CVE-2025-10644** in **Wondershare RepairIt** after finding authentication bypass paths in cloud token permissions. The early risk centered on unauthorized access that could be expanded into **supply-chain abuse** and **code execution**.
Sources
- Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models — thehackernews.com — 24.09.2025 16:55