CVE-2025-10643
📋 TL;DR
This vulnerability allows remote attackers to bypass authentication in Wondershare Repairit without requiring credentials. Attackers can exploit incorrect permission assignments in storage account tokens to gain unauthorized access. All users running vulnerable versions of Wondershare Repairit are affected.
💻 Affected Systems
- Wondershare Repairit
📦 What is this software?
Repairit by Wondershare
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to access, modify, or delete all files processed by Repairit, potentially leading to data theft, ransomware deployment, or system takeover.
Likely Case
Unauthorized access to sensitive files being repaired, potentially exposing personal or business data, with possible file corruption or deletion.
If Mitigated
Limited impact if system is isolated, has strict network controls, and files being processed contain no sensitive information.
🎯 Exploit Status
ZDI advisory suggests straightforward exploitation; CVSS 9.1 indicates high exploitability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Wondershare official advisory for specific patched version
Vendor Advisory: https://www.wondershare.com/security-advisory/
Restart Required: Yes
Instructions:
1. Open Wondershare Repairit
2. Go to Help > Check for Updates
3. Install latest available update
4. Restart application and system
🔧 Temporary Workarounds
Network Isolation
Windows: Block inbound network access to the Repairit application
Windows Firewall (PowerShell): New-NetFirewallRule -DisplayName 'Block Repairit' -Direction Inbound -Program 'C:\Program Files\Wondershare\Repairit\Repairit.exe' -Action Block
Disable Network Features
All platforms: Turn off any network/cloud features in Repairit settings
🧯 If You Can't Patch
- Discontinue use of Wondershare Repairit until patched
- Use alternative file repair software with proper security controls
🔍 How to Verify
Check if Vulnerable:
Check if running unpatched version of Wondershare Repairit; verify if authentication can be bypassed via network requests
Check Version:
Windows: wmic product where "name='Wondershare Repairit'" get version
Verify Fix Applied:
Confirm latest version is installed and test authentication bypass attempts fail
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication events
- Failed login attempts followed by successful access
- Access from unexpected IP addresses
Network Indicators:
- Unauthenticated API calls to Repairit endpoints
- Unexpected outbound connections from Repairit
SIEM Query:
source='*repairit*' AND (event_type='auth_failure' OR event_type='auth_success' FROM unknown_ip)