A critical vulnerability, identified as CVE-2025-10644, has been discovered in multiple Wondershare Repairit products. This flaw allows a remote attacker to bypass authentication mechanisms due to improperly configured security tokens, potentially granting them unauthorized access to read, modify, or delete data processed by the software. Given the critical severity rating, immediate action is required to mitigate the risk of data compromise.

This vulnerability stems from an incorrect permission assignment for Shared Access Signature (SAS) tokens used by the Wondershare Repairit application, likely for interacting with cloud storage services. The application generates or utilizes SAS tokens with overly permissive rights (e.g., read, write, and delete) when only a more restrictive permission (e.g., write-only) is required. A remote attacker who obtains one of these tokens could leverage these excessive permissions to perform unauthorized actions, such as accessing sensitive files, modifying data, or deleting resources, thereby bypassing the intended authentication and authorization controls of the application.

This vulnerability is rated as critical severity with a CVSS score of 9.4, posing a significant risk to the organization. Successful exploitation could lead to a severe breach of data confidentiality, integrity, and availability. Potential consequences include the theft of sensitive or proprietary information processed by Repairit, unauthorized modification or deletion of critical files, and potential reputational damage. The direct access to underlying data storage could circumvent other security controls and lead to significant data loss or a compliance violation depending on the nature of the data being handled.

Immediate Action: The primary remediation is to apply the security update provided by the vendor. All instances of Wondershare Repairit should be updated to the latest version immediately to patch this vulnerability. Following the update, review application and cloud storage access logs for any signs of anomalous activity that may indicate a past compromise.

Proactive Monitoring: Implement enhanced monitoring of network traffic and logs associated with the Wondershare Repairit application and its connected cloud storage. Specifically, look for unusual access patterns, such as access from unexpected geographic locations or IP addresses, large-scale data exfiltration, or modification/deletion of a high volume of files. Correlate application logs with cloud provider logs to detect unauthorized token usage.

Compensating Controls: If immediate patching is not feasible, consider implementing compensating controls. Restrict network access to the affected application and its associated cloud storage resources to only trusted hosts and networks. If possible, review the permissions of the service accounts used by the application and apply the principle of least privilege. Employ a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) to detect and block malicious requests attempting to exploit this vulnerability.

Public Exploit Available: false

Given the critical CVSS score of 9.4, it is imperative that organizations address this vulnerability with the highest priority. The potential for a complete authentication bypass and direct data access presents a severe risk. We strongly recommend that all affected Wondershare Repairit products are updated to the latest patched version immediately. Systems handling sensitive or mission-critical data should be prioritized for patching and subsequent security validation.